From 41f4fa65b576beb1a6615cee99c997273d0492bc Mon Sep 17 00:00:00 2001 From: Nikkuss Date: Thu, 26 Mar 2026 21:23:22 +0400 Subject: [PATCH] init --- .envrc | 1 + .gitignore | 4 + Cargo.lock | 2724 ++++++++++++++++++++++++++++++++++ Cargo.toml | 50 + flake.lock | 98 ++ flake.nix | 100 ++ src/bin/bore_client.rs | 17 + src/bin/bore_server.rs | 17 + src/client/mod.rs | 312 ++++ src/client/relay.rs | 154 ++ src/config.rs | 63 + src/lib.rs | 7 + src/protocol.rs | 148 ++ src/quic.rs | 264 ++++ src/relay.rs | 55 + src/server/endpoints/http.rs | 120 ++ src/server/endpoints/mod.rs | 3 + src/server/endpoints/tcp.rs | 75 + src/server/endpoints/udp.rs | 120 ++ src/server/firewall.rs | 93 ++ src/server/mod.rs | 120 ++ src/server/quic_listener.rs | 211 +++ src/server/state.rs | 126 ++ src/server/traefik.rs | 113 ++ src/tunnel.rs | 14 + 25 files changed, 5009 insertions(+) create mode 100644 .envrc create mode 100644 .gitignore create mode 100644 Cargo.lock create mode 100644 Cargo.toml create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 src/bin/bore_client.rs create mode 100644 src/bin/bore_server.rs create mode 100644 src/client/mod.rs create mode 100644 src/client/relay.rs create mode 100644 src/config.rs create mode 100644 src/lib.rs create mode 100644 src/protocol.rs create mode 100644 src/quic.rs create mode 100644 src/relay.rs create mode 100644 src/server/endpoints/http.rs create mode 100644 src/server/endpoints/mod.rs create mode 100644 src/server/endpoints/tcp.rs create mode 100644 src/server/endpoints/udp.rs create mode 100644 src/server/firewall.rs create mode 100644 src/server/mod.rs create mode 100644 src/server/quic_listener.rs create mode 100644 src/server/state.rs create mode 100644 src/server/traefik.rs create mode 100644 src/tunnel.rs diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..3550a30 --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use flake diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c75b127 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +/.direnv +/bore-data +/target +/result diff --git a/Cargo.lock b/Cargo.lock new file mode 100644 index 0000000..e5761c0 --- /dev/null +++ b/Cargo.lock @@ -0,0 +1,2724 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "addr2line" +version = "0.25.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b5d307320b3181d6d7954e663bd7c774a838b8220fe0593c86d9fb09f498b4b" +dependencies = [ + "gimli", +] + +[[package]] +name = "adler2" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "320119579fcad9c21884f5c4861d16174d0e06250625266f50fe6898340abefa" + +[[package]] +name = "aho-corasick" +version = "1.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ddd31a130427c27518df266943a5308ed92d4b226cc639f5a8f1002816174301" +dependencies = [ + "memchr", +] + +[[package]] +name = "anstream" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "824a212faf96e9acacdbd09febd34438f8f711fb84e09a8916013cd7815ca28d" +dependencies = [ + "anstyle", + "anstyle-parse", + "anstyle-query", + "anstyle-wincon", + "colorchoice", + "is_terminal_polyfill", + "utf8parse", +] + +[[package]] +name = "anstyle" +version = "1.0.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "940b3a0ca603d1eade50a4846a2afffd5ef57a9feac2c0e2ec2e14f9ead76000" + +[[package]] +name = "anstyle-parse" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "52ce7f38b242319f7cabaa6813055467063ecdc9d355bbb4ce0c68908cd8130e" +dependencies = [ + "utf8parse", +] + +[[package]] +name = "anstyle-query" +version = "1.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "40c48f72fd53cd289104fc64099abca73db4166ad86ea0b4341abe65af83dadc" +dependencies = [ + "windows-sys 0.60.2", +] + +[[package]] +name = "anstyle-wincon" +version = "3.0.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "291e6a250ff86cd4a820112fb8898808a366d8f9f58ce16d1f538353ad55747d" +dependencies = [ + "anstyle", + "once_cell_polyfill", + "windows-sys 0.60.2", +] + +[[package]] +name = "anyhow" +version = "1.0.102" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c" + +[[package]] +name = "asn1-rs" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "56624a96882bb8c26d61312ae18cb45868e5a9992ea73c58e45c3101e56a1e60" +dependencies = [ + "asn1-rs-derive", + "asn1-rs-impl", + "displaydoc", + "nom", + "num-traits", + "rusticata-macros", + "thiserror 2.0.18", + "time", +] + +[[package]] +name = "asn1-rs-derive" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3109e49b1e4909e9db6515a30c633684d68cdeaa252f215214cb4fa1a5bfee2c" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] + +[[package]] +name = "asn1-rs-impl" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b18050c2cd6fe86c3a76584ef5e0baf286d038cda203eb6223df2cc413565f7" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "atomic-waker" +version = "1.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" + +[[package]] +name = "autocfg" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" + +[[package]] +name = "axum" +version = "0.8.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b52af3cb4058c895d37317bb27508dccc8e5f2d39454016b297bf4a400597b8" +dependencies = [ + "axum-core", + "axum-macros", + "bytes", + "form_urlencoded", + "futures-util", + "http", + "http-body", + "http-body-util", + "hyper", + "hyper-util", + "itoa", + "matchit", + "memchr", + "mime", + "percent-encoding", + "pin-project-lite", + "serde_core", + "serde_json", + "serde_path_to_error", + "serde_urlencoded", + "sync_wrapper", + "tokio", + "tower", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "axum-core" +version = "0.5.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08c78f31d7b1291f7ee735c1c6780ccde7785daae9a9206026862dab7d8792d1" +dependencies = [ + "bytes", + "futures-core", + "http", + "http-body", + "http-body-util", + "mime", + "pin-project-lite", + "sync_wrapper", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "axum-macros" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "604fde5e028fea851ce1d8570bbdc034bec850d157f7569d10f347d06808c05c" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "backtrace" +version = "0.3.76" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb531853791a215d7c62a30daf0dde835f381ab5de4589cfe7c649d2cbe92bd6" +dependencies = [ + "addr2line", + "cfg-if", + "libc", + "miniz_oxide", + "object", + "rustc-demangle", + "windows-link", +] + +[[package]] +name = "base64" +version = "0.22.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" + +[[package]] +name = "bitflags" +version = "2.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "843867be96c8daad0d758b57df9392b6d8d271134fce549de6ce169ff98a92af" + +[[package]] +name = "bore" +version = "0.1.0" +dependencies = [ + "axum", + "bytes", + "clap", + "color-eyre", + "dashmap", + "dirs", + "http", + "http-body-util", + "hyper", + "hyper-util", + "inquire", + "owo-colors", + "quinn", + "rcgen", + "ring", + "rkyv", + "rustls", + "rustls-pemfile", + "serde", + "serde_json", + "thiserror 2.0.18", + "tokio", + "tokio-util", + "tracing", + "tracing-subscriber", + "uuid", +] + +[[package]] +name = "bumpalo" +version = "3.20.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5d20789868f4b01b2f2caec9f5c4e0213b41e3e5702a50157d699ae31ced2fcb" + +[[package]] +name = "bytecheck" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0caa33a2c0edca0419d15ac723dff03f1956f7978329b1e3b5fdaaaed9d3ca8b" +dependencies = [ + "bytecheck_derive", + "ptr_meta", + "rancor", + "simdutf8", +] + +[[package]] +name = "bytecheck_derive" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "89385e82b5d1821d2219e0b095efa2cc1f246cbf99080f3be46a1a85c0d392d9" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "bytes" +version = "1.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33" + +[[package]] +name = "cc" +version = "1.2.57" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a0dd1ca384932ff3641c8718a02769f1698e7563dc6974ffd03346116310423" +dependencies = [ + "find-msvc-tools", + "shlex", +] + +[[package]] +name = "cesu8" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d43a04d8753f35258c91f8ec639f792891f748a1edbd759cf1dcea3382ad83c" + +[[package]] +name = "cfg-if" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" + +[[package]] +name = "cfg_aliases" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" + +[[package]] +name = "clap" +version = "4.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b193af5b67834b676abd72466a96c1024e6a6ad978a1f484bd90b85c94041351" +dependencies = [ + "clap_builder", + "clap_derive", +] + +[[package]] +name = "clap_builder" +version = "4.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "714a53001bf66416adb0e2ef5ac857140e7dc3a0c48fb28b2f10762fc4b5069f" +dependencies = [ + "anstream", + "anstyle", + "clap_lex", + "strsim", +] + +[[package]] +name = "clap_derive" +version = "4.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1110bd8a634a1ab8cb04345d8d878267d57c3cf1b38d91b71af6686408bbca6a" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "clap_lex" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8d4a3bb8b1e0c1050499d1815f5ab16d04f0959b233085fb31653fbfc9d98f9" + +[[package]] +name = "color-eyre" +version = "0.6.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e5920befb47832a6d61ee3a3a846565cfa39b331331e68a3b1d1116630f2f26d" +dependencies = [ + "backtrace", + "color-spantrace", + "eyre", + "indenter", + "once_cell", + "owo-colors", + "tracing-error", +] + +[[package]] +name = "color-spantrace" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8b88ea9df13354b55bc7234ebcce36e6ef896aca2e42a15de9e10edce01b427" +dependencies = [ + "once_cell", + "owo-colors", + "tracing-core", + "tracing-error", +] + +[[package]] +name = "colorchoice" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d07550c9036bf2ae0c684c4297d503f838287c83c53686d05370d0e139ae570" + +[[package]] +name = "combine" +version = "4.6.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba5a308b75df32fe02788e748662718f03fde005016435c444eea572398219fd" +dependencies = [ + "bytes", + "memchr", +] + +[[package]] +name = "convert_case" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "633458d4ef8c78b72454de2d54fd6ab2e60f9e02be22f3c6104cdc8a4e0fceb9" +dependencies = [ + "unicode-segmentation", +] + +[[package]] +name = "core-foundation" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2a6cd9ae233e7f62ba4e9353e81a88df7fc8a5987b8d445b4d90c879bd156f6" +dependencies = [ + "core-foundation-sys", + "libc", +] + +[[package]] +name = "core-foundation-sys" +version = "0.8.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" + +[[package]] +name = "crossbeam-utils" +version = "0.8.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" + +[[package]] +name = "crossterm" +version = "0.29.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d8b9f2e4c67f833b660cdb0a3523065869fb35570177239812ed4c905aeff87b" +dependencies = [ + "bitflags", + "crossterm_winapi", + "derive_more", + "document-features", + "mio", + "parking_lot", + "rustix", + "signal-hook", + "signal-hook-mio", + "winapi", +] + +[[package]] +name = "crossterm_winapi" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "acdd7c62a3665c7f6830a51635d9ac9b23ed385797f70a83bb8bafe9c572ab2b" +dependencies = [ + "winapi", +] + +[[package]] +name = "dashmap" +version = "6.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5041cc499144891f3790297212f32a74fb938e5136a14943f338ef9e0ae276cf" +dependencies = [ + "cfg-if", + "crossbeam-utils", + "hashbrown 0.14.5", + "lock_api", + "once_cell", + "parking_lot_core", +] + +[[package]] +name = "data-encoding" +version = "2.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d7a1e2f27636f116493b8b860f5546edb47c8d8f8ea73e1d2a20be88e28d1fea" + +[[package]] +name = "der-parser" +version = "10.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07da5016415d5a3c4dd39b11ed26f915f52fc4e0dc197d87908bc916e51bc1a6" +dependencies = [ + "asn1-rs", + "displaydoc", + "nom", + "num-bigint", + "num-traits", + "rusticata-macros", +] + +[[package]] +name = "deranged" +version = "0.5.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7cd812cc2bc1d69d4764bd80df88b4317eaef9e773c75226407d9bc0876b211c" +dependencies = [ + "powerfmt", +] + +[[package]] +name = "derive_more" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d751e9e49156b02b44f9c1815bcb94b984cdcc4396ecc32521c739452808b134" +dependencies = [ + "derive_more-impl", +] + +[[package]] +name = "derive_more-impl" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "799a97264921d8623a957f6c3b9011f3b5492f557bbb7a5a19b7fa6d06ba8dcb" +dependencies = [ + "convert_case", + "proc-macro2", + "quote", + "rustc_version", + "syn", +] + +[[package]] +name = "dirs" +version = "6.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3e8aa94d75141228480295a7d0e7feb620b1a5ad9f12bc40be62411e38cce4e" +dependencies = [ + "dirs-sys", +] + +[[package]] +name = "dirs-sys" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e01a3366d27ee9890022452ee61b2b63a67e6f13f58900b651ff5665f0bb1fab" +dependencies = [ + "libc", + "option-ext", + "redox_users", + "windows-sys 0.60.2", +] + +[[package]] +name = "displaydoc" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "document-features" +version = "0.2.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d4b8a88685455ed29a21542a33abd9cb6510b6b129abadabdcef0f4c55bc8f61" +dependencies = [ + "litrs", +] + +[[package]] +name = "dyn-clone" +version = "1.0.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d0881ea181b1df73ff77ffaaf9c7544ecc11e82fba9b5f27b262a3c73a332555" + +[[package]] +name = "equivalent" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f" + +[[package]] +name = "errno" +version = "0.3.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" +dependencies = [ + "libc", + "windows-sys 0.60.2", +] + +[[package]] +name = "eyre" +version = "0.6.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7cd915d99f24784cdc19fd37ef22b97e3ff0ae756c7e492e9fbfe897d61e2aec" +dependencies = [ + "indenter", + "once_cell", +] + +[[package]] +name = "fastbloom" +version = "0.14.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4e7f34442dbe69c60fe8eaf58a8cafff81a1f278816d8ab4db255b3bef4ac3c4" +dependencies = [ + "getrandom 0.3.4", + "libm", + "rand", + "siphasher", +] + +[[package]] +name = "find-msvc-tools" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582" + +[[package]] +name = "foldhash" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2" + +[[package]] +name = "form_urlencoded" +version = "1.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb4cb245038516f5f85277875cdaa4f7d2c9a0fa0468de06ed190163b1581fcf" +dependencies = [ + "percent-encoding", +] + +[[package]] +name = "futures-channel" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07bbe89c50d7a535e539b8c17bc0b49bdb77747034daa8087407d655f3f7cc1d" +dependencies = [ + "futures-core", +] + +[[package]] +name = "futures-core" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7e3450815272ef58cec6d564423f6e755e25379b217b0bc688e295ba24df6b1d" + +[[package]] +name = "futures-sink" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c39754e157331b013978ec91992bde1ac089843443c49cbc7f46150b0fad0893" + +[[package]] +name = "futures-task" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393" + +[[package]] +name = "futures-util" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "389ca41296e6190b48053de0321d02a77f32f8a5d2461dd38762c0593805c6d6" +dependencies = [ + "futures-core", + "futures-task", + "pin-project-lite", + "slab", +] + +[[package]] +name = "fuzzy-matcher" +version = "0.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "54614a3312934d066701a80f20f15fa3b56d67ac7722b39eea5b4c9dd1d66c94" +dependencies = [ + "thread_local", +] + +[[package]] +name = "getrandom" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" +dependencies = [ + "cfg-if", + "js-sys", + "libc", + "wasi", + "wasm-bindgen", +] + +[[package]] +name = "getrandom" +version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd" +dependencies = [ + "cfg-if", + "js-sys", + "libc", + "r-efi 5.3.0", + "wasip2", + "wasm-bindgen", +] + +[[package]] +name = "getrandom" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0de51e6874e94e7bf76d726fc5d13ba782deca734ff60d5bb2fb2607c7406555" +dependencies = [ + "cfg-if", + "libc", + "r-efi 6.0.0", + "wasip2", + "wasip3", +] + +[[package]] +name = "gimli" +version = "0.32.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e629b9b98ef3dd8afe6ca2bd0f89306cec16d43d907889945bc5d6687f2f13c7" + +[[package]] +name = "hashbrown" +version = "0.14.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" + +[[package]] +name = "hashbrown" +version = "0.15.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1" +dependencies = [ + "foldhash", +] + +[[package]] +name = "hashbrown" +version = "0.16.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100" + +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + +[[package]] +name = "http" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3ba2a386d7f85a81f119ad7498ebe444d2e22c2af0b86b069416ace48b3311a" +dependencies = [ + "bytes", + "itoa", +] + +[[package]] +name = "http-body" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184" +dependencies = [ + "bytes", + "http", +] + +[[package]] +name = "http-body-util" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b021d93e26becf5dc7e1b75b1bed1fd93124b374ceb73f43d4d4eafec896a64a" +dependencies = [ + "bytes", + "futures-core", + "http", + "http-body", + "pin-project-lite", +] + +[[package]] +name = "httparse" +version = "1.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6dbf3de79e51f3d586ab4cb9d5c3e2c14aa28ed23d180cf89b4df0454a69cc87" + +[[package]] +name = "httpdate" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" + +[[package]] +name = "hyper" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2ab2d4f250c3d7b1c9fcdff1cece94ea4e2dfbec68614f7b87cb205f24ca9d11" +dependencies = [ + "atomic-waker", + "bytes", + "futures-channel", + "futures-core", + "http", + "http-body", + "httparse", + "httpdate", + "itoa", + "pin-project-lite", + "pin-utils", + "smallvec", + "tokio", + "want", +] + +[[package]] +name = "hyper-util" +version = "0.1.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "96547c2556ec9d12fb1578c4eaf448b04993e7fb79cbaad930a656880a6bdfa0" +dependencies = [ + "bytes", + "http", + "http-body", + "hyper", + "pin-project-lite", + "tokio", + "tower-service", +] + +[[package]] +name = "id-arena" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d3067d79b975e8844ca9eb072e16b31c3c1c36928edf9c6789548c524d0d954" + +[[package]] +name = "indenter" +version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "964de6e86d545b246d84badc0fef527924ace5134f30641c203ef52ba83f58d5" + +[[package]] +name = "indexmap" +version = "2.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7714e70437a7dc3ac8eb7e6f8df75fd8eb422675fc7678aff7364301092b1017" +dependencies = [ + "equivalent", + "hashbrown 0.16.1", + "serde", + "serde_core", +] + +[[package]] +name = "inquire" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6654738b8024300cf062d04a1c13c10c8e2cea598ec1c47dc9b6641159429756" +dependencies = [ + "bitflags", + "crossterm", + "dyn-clone", + "fuzzy-matcher", + "unicode-segmentation", + "unicode-width", +] + +[[package]] +name = "is_terminal_polyfill" +version = "1.70.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a6cb138bb79a146c1bd460005623e142ef0181e3d0219cb493e02f7d08a35695" + +[[package]] +name = "itoa" +version = "1.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f42a60cbdf9a97f5d2305f08a87dc4e09308d1276d28c869c684d7777685682" + +[[package]] +name = "jni" +version = "0.21.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a87aa2bb7d2af34197c04845522473242e1aa17c12f4935d5856491a7fb8c97" +dependencies = [ + "cesu8", + "cfg-if", + "combine", + "jni-sys 0.3.1", + "log", + "thiserror 1.0.69", + "walkdir", + "windows-sys 0.45.0", +] + +[[package]] +name = "jni-sys" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41a652e1f9b6e0275df1f15b32661cf0d4b78d4d87ddec5e0c3c20f097433258" +dependencies = [ + "jni-sys 0.4.1", +] + +[[package]] +name = "jni-sys" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c6377a88cb3910bee9b0fa88d4f42e1d2da8e79915598f65fb0c7ee14c878af2" +dependencies = [ + "jni-sys-macros", +] + +[[package]] +name = "jni-sys-macros" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "38c0b942f458fe50cdac086d2f946512305e5631e720728f2a61aabcd47a6264" +dependencies = [ + "quote", + "syn", +] + +[[package]] +name = "js-sys" +version = "0.3.91" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b49715b7073f385ba4bc528e5747d02e66cb39c6146efb66b781f131f0fb399c" +dependencies = [ + "once_cell", + "wasm-bindgen", +] + +[[package]] +name = "lazy_static" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" + +[[package]] +name = "leb128fmt" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2" + +[[package]] +name = "libc" +version = "0.2.183" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5b646652bf6661599e1da8901b3b9522896f01e736bad5f723fe7a3a27f899d" + +[[package]] +name = "libm" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6d2cec3eae94f9f509c767b45932f1ada8350c4bdb85af2fcab4a3c14807981" + +[[package]] +name = "libredox" +version = "0.1.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ddbf48fd451246b1f8c2610bd3b4ac0cc6e149d89832867093ab69a17194f08" +dependencies = [ + "libc", +] + +[[package]] +name = "linux-raw-sys" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a66949e030da00e8c7d4434b251670a91556f4144941d37452769c25d58a53" + +[[package]] +name = "litrs" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "11d3d7f243d5c5a8b9bb5d6dd2b1602c0cb0b9db1621bafc7ed66e35ff9fe092" + +[[package]] +name = "lock_api" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "224399e74b87b5f3557511d98dff8b14089b3dadafcab6bb93eab67d3aace965" +dependencies = [ + "scopeguard", +] + +[[package]] +name = "log" +version = "0.4.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897" + +[[package]] +name = "lru-slab" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "112b39cec0b298b6c1999fee3e31427f74f676e4cb9879ed1a121b43661a4154" + +[[package]] +name = "matchers" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d1525a2a28c7f4fa0fc98bb91ae755d1e2d1505079e05539e35bc876b5d65ae9" +dependencies = [ + "regex-automata", +] + +[[package]] +name = "matchit" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47e1ffaa40ddd1f3ed91f717a33c8c0ee23fff369e3aa8772b9605cc1d22f4c3" + +[[package]] +name = "memchr" +version = "2.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79" + +[[package]] +name = "mime" +version = "0.3.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" + +[[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + +[[package]] +name = "miniz_oxide" +version = "0.8.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fa76a2c86f704bdb222d66965fb3d63269ce38518b83cb0575fca855ebb6316" +dependencies = [ + "adler2", +] + +[[package]] +name = "mio" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a69bcab0ad47271a0234d9422b131806bf3968021e5dc9328caf2d4cd58557fc" +dependencies = [ + "libc", + "log", + "wasi", + "windows-sys 0.61.2", +] + +[[package]] +name = "munge" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e17401f259eba956ca16491461b6e8f72913a0a114e39736ce404410f915a0c" +dependencies = [ + "munge_macro", +] + +[[package]] +name = "munge_macro" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4568f25ccbd45ab5d5603dc34318c1ec56b117531781260002151b8530a9f931" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "nom" +version = "7.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" +dependencies = [ + "memchr", + "minimal-lexical", +] + +[[package]] +name = "nu-ansi-term" +version = "0.50.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5" +dependencies = [ + "windows-sys 0.60.2", +] + +[[package]] +name = "num-bigint" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9" +dependencies = [ + "num-integer", + "num-traits", +] + +[[package]] +name = "num-conv" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c6673768db2d862beb9b39a78fdcb1a69439615d5794a1be50caa9bc92c81967" + +[[package]] +name = "num-integer" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" +dependencies = [ + "num-traits", +] + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", +] + +[[package]] +name = "object" +version = "0.37.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff76201f031d8863c38aa7f905eca4f53abbfa15f609db4277d44cd8938f33fe" +dependencies = [ + "memchr", +] + +[[package]] +name = "oid-registry" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "12f40cff3dde1b6087cc5d5f5d4d65712f34016a03ed60e9c08dcc392736b5b7" +dependencies = [ + "asn1-rs", +] + +[[package]] +name = "once_cell" +version = "1.21.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f7c3e4beb33f85d45ae3e3a1792185706c8e16d043238c593331cc7cd313b50" + +[[package]] +name = "once_cell_polyfill" +version = "1.70.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "384b8ab6d37215f3c5301a95a4accb5d64aa607f1fcb26a11b5303878451b4fe" + +[[package]] +name = "openssl-probe" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe" + +[[package]] +name = "option-ext" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "04744f49eae99ab78e0d5c0b603ab218f515ea8cfe5a456d7629ad883a3b6e7d" + +[[package]] +name = "owo-colors" +version = "4.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d211803b9b6b570f68772237e415a029d5a50c65d382910b879fb19d3271f94d" + +[[package]] +name = "parking_lot" +version = "0.12.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93857453250e3077bd71ff98b6a65ea6621a19bb0f559a85248955ac12c45a1a" +dependencies = [ + "lock_api", + "parking_lot_core", +] + +[[package]] +name = "parking_lot_core" +version = "0.9.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1" +dependencies = [ + "cfg-if", + "libc", + "redox_syscall", + "smallvec", + "windows-link", +] + +[[package]] +name = "pem" +version = "3.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d30c53c26bc5b31a98cd02d20f25a7c8567146caf63ed593a9d87b2775291be" +dependencies = [ + "base64", + "serde_core", +] + +[[package]] +name = "percent-encoding" +version = "2.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220" + +[[package]] +name = "pin-project-lite" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd" + +[[package]] +name = "pin-utils" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" + +[[package]] +name = "powerfmt" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" + +[[package]] +name = "ppv-lite86" +version = "0.2.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9" +dependencies = [ + "zerocopy", +] + +[[package]] +name = "prettyplease" +version = "0.2.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b" +dependencies = [ + "proc-macro2", + "syn", +] + +[[package]] +name = "proc-macro2" +version = "1.0.106" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "ptr_meta" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b9a0cf95a1196af61d4f1cbdab967179516d9a4a4312af1f31948f8f6224a79" +dependencies = [ + "ptr_meta_derive", +] + +[[package]] +name = "ptr_meta_derive" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7347867d0a7e1208d93b46767be83e2b8f978c3dad35f775ac8d8847551d6fe1" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "quinn" +version = "0.11.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9e20a958963c291dc322d98411f541009df2ced7b5a4f2bd52337638cfccf20" +dependencies = [ + "bytes", + "cfg_aliases", + "pin-project-lite", + "quinn-proto", + "quinn-udp", + "rustc-hash", + "rustls", + "socket2", + "thiserror 2.0.18", + "tokio", + "tracing", + "web-time", +] + +[[package]] +name = "quinn-proto" +version = "0.11.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "434b42fec591c96ef50e21e886936e66d3cc3f737104fdb9b737c40ffb94c098" +dependencies = [ + "bytes", + "fastbloom", + "getrandom 0.3.4", + "lru-slab", + "rand", + "ring", + "rustc-hash", + "rustls", + "rustls-pki-types", + "rustls-platform-verifier", + "slab", + "thiserror 2.0.18", + "tinyvec", + "tracing", + "web-time", +] + +[[package]] +name = "quinn-udp" +version = "0.5.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "addec6a0dcad8a8d96a771f815f0eaf55f9d1805756410b39f5fa81332574cbd" +dependencies = [ + "cfg_aliases", + "libc", + "once_cell", + "socket2", + "tracing", + "windows-sys 0.60.2", +] + +[[package]] +name = "quote" +version = "1.0.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "r-efi" +version = "5.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f" + +[[package]] +name = "r-efi" +version = "6.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf" + +[[package]] +name = "rancor" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a063ea72381527c2a0561da9c80000ef822bdd7c3241b1cc1b12100e3df081ee" +dependencies = [ + "ptr_meta", +] + +[[package]] +name = "rand" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1" +dependencies = [ + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76afc826de14238e6e8c374ddcc1fa19e374fd8dd986b0d2af0d02377261d83c" +dependencies = [ + "getrandom 0.3.4", +] + +[[package]] +name = "rcgen" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10b99e0098aa4082912d4c649628623db6aba77335e4f4569ff5083a6448b32e" +dependencies = [ + "pem", + "ring", + "rustls-pki-types", + "time", + "x509-parser", + "yasna", +] + +[[package]] +name = "redox_syscall" +version = "0.5.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d" +dependencies = [ + "bitflags", +] + +[[package]] +name = "redox_users" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4e608c6638b9c18977b00b475ac1f28d14e84b27d8d42f70e0bf1e3dec127ac" +dependencies = [ + "getrandom 0.2.17", + "libredox", + "thiserror 2.0.18", +] + +[[package]] +name = "regex-automata" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e1dd4122fc1595e8162618945476892eefca7b88c52820e74af6262213cae8f" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.8.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a" + +[[package]] +name = "rend" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cadadef317c2f20755a64d7fdc48f9e7178ee6b0e1f7fce33fa60f1d68a276e6" +dependencies = [ + "bytecheck", +] + +[[package]] +name = "ring" +version = "0.17.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7" +dependencies = [ + "cc", + "cfg-if", + "getrandom 0.2.17", + "libc", + "untrusted", + "windows-sys 0.52.0", +] + +[[package]] +name = "rkyv" +version = "0.8.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a30e631b7f4a03dee9056b8ef6982e8ba371dd5bedb74d3ec86df4499132c70" +dependencies = [ + "bytecheck", + "bytes", + "hashbrown 0.16.1", + "indexmap", + "munge", + "ptr_meta", + "rancor", + "rend", + "rkyv_derive", + "tinyvec", + "uuid", +] + +[[package]] +name = "rkyv_derive" +version = "0.8.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8100bb34c0a1d0f907143db3149e6b4eea3c33b9ee8b189720168e818303986f" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "rustc-demangle" +version = "0.1.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b50b8869d9fc858ce7266cce0194bd74df58b9d0e3f6df3a9fc8eb470d95c09d" + +[[package]] +name = "rustc-hash" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d" + +[[package]] +name = "rustc_version" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" +dependencies = [ + "semver", +] + +[[package]] +name = "rusticata-macros" +version = "4.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "faf0c4a6ece9950b9abdb62b1cfcf2a68b3b67a10ba445b3bb85be2a293d0632" +dependencies = [ + "nom", +] + +[[package]] +name = "rustix" +version = "1.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6fe4565b9518b83ef4f91bb47ce29620ca828bd32cb7e408f0062e9930ba190" +dependencies = [ + "bitflags", + "errno", + "libc", + "linux-raw-sys", + "windows-sys 0.60.2", +] + +[[package]] +name = "rustls" +version = "0.23.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "758025cb5fccfd3bc2fd74708fd4682be41d99e5dff73c377c0646c6012c73a4" +dependencies = [ + "once_cell", + "ring", + "rustls-pki-types", + "rustls-webpki", + "subtle", + "zeroize", +] + +[[package]] +name = "rustls-native-certs" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "612460d5f7bea540c490b2b6395d8e34a953e52b491accd6c86c8164c5932a63" +dependencies = [ + "openssl-probe", + "rustls-pki-types", + "schannel", + "security-framework", +] + +[[package]] +name = "rustls-pemfile" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dce314e5fee3f39953d46bb63bb8a46d40c2f8fb7cc5a3b6cab2bde9721d6e50" +dependencies = [ + "rustls-pki-types", +] + +[[package]] +name = "rustls-pki-types" +version = "1.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd" +dependencies = [ + "web-time", + "zeroize", +] + +[[package]] +name = "rustls-platform-verifier" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d99feebc72bae7ab76ba994bb5e121b8d83d910ca40b36e0921f53becc41784" +dependencies = [ + "core-foundation", + "core-foundation-sys", + "jni", + "log", + "once_cell", + "rustls", + "rustls-native-certs", + "rustls-platform-verifier-android", + "rustls-webpki", + "security-framework", + "security-framework-sys", + "webpki-root-certs", + "windows-sys 0.60.2", +] + +[[package]] +name = "rustls-platform-verifier-android" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f87165f0995f63a9fbeea62b64d10b4d9d8e78ec6d7d51fb2125fda7bb36788f" + +[[package]] +name = "rustls-webpki" +version = "0.103.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df33b2b81ac578cabaf06b89b0631153a3f416b0a886e8a7a1707fb51abbd1ef" +dependencies = [ + "ring", + "rustls-pki-types", + "untrusted", +] + +[[package]] +name = "rustversion" +version = "1.0.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d" + +[[package]] +name = "ryu" +version = "1.0.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9774ba4a74de5f7b1c1451ed6cd5285a32eddb5cccb8cc655a4e50009e06477f" + +[[package]] +name = "same-file" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502" +dependencies = [ + "winapi-util", +] + +[[package]] +name = "schannel" +version = "0.1.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91c1b7e4904c873ef0710c1f407dde2e6287de2bebc1bbbf7d430bb7cbffd939" +dependencies = [ + "windows-sys 0.61.2", +] + +[[package]] +name = "scopeguard" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" + +[[package]] +name = "security-framework" +version = "3.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7f4bc775c73d9a02cde8bf7b2ec4c9d12743edf609006c7facc23998404cd1d" +dependencies = [ + "bitflags", + "core-foundation", + "core-foundation-sys", + "libc", + "security-framework-sys", +] + +[[package]] +name = "security-framework-sys" +version = "2.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce2691df843ecc5d231c0b14ece2acc3efb62c0a398c7e1d875f3983ce020e3" +dependencies = [ + "core-foundation-sys", + "libc", +] + +[[package]] +name = "semver" +version = "1.0.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d767eb0aabc880b29956c35734170f26ed551a859dbd361d140cdbeca61ab1e2" + +[[package]] +name = "serde" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e" +dependencies = [ + "serde_core", + "serde_derive", +] + +[[package]] +name = "serde_core" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "serde_json" +version = "1.0.149" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86" +dependencies = [ + "itoa", + "memchr", + "serde", + "serde_core", + "zmij", +] + +[[package]] +name = "serde_path_to_error" +version = "0.1.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10a9ff822e371bb5403e391ecd83e182e0e77ba7f6fe0160b795797109d1b457" +dependencies = [ + "itoa", + "serde", + "serde_core", +] + +[[package]] +name = "serde_urlencoded" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd" +dependencies = [ + "form_urlencoded", + "itoa", + "ryu", + "serde", +] + +[[package]] +name = "sharded-slab" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6" +dependencies = [ + "lazy_static", +] + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] +name = "signal-hook" +version = "0.3.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d881a16cf4426aa584979d30bd82cb33429027e42122b169753d6ef1085ed6e2" +dependencies = [ + "libc", + "signal-hook-registry", +] + +[[package]] +name = "signal-hook-mio" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b75a19a7a740b25bc7944bdee6172368f988763b744e3d4dfe753f6b4ece40cc" +dependencies = [ + "libc", + "mio", + "signal-hook", +] + +[[package]] +name = "signal-hook-registry" +version = "1.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4db69cba1110affc0e9f7bcd48bbf87b3f4fc7c61fc9155afd4c469eb3d6c1b" +dependencies = [ + "errno", + "libc", +] + +[[package]] +name = "simdutf8" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3a9fe34e3e7a50316060351f37187a3f546bce95496156754b601a5fa71b76e" + +[[package]] +name = "siphasher" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2aa850e253778c88a04c3d7323b043aeda9d3e30d5971937c1855769763678e" + +[[package]] +name = "slab" +version = "0.4.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c790de23124f9ab44544d7ac05d60440adc586479ce501c1d6d7da3cd8c9cf5" + +[[package]] +name = "smallvec" +version = "1.15.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" + +[[package]] +name = "socket2" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3a766e1110788c36f4fa1c2b71b387a7815aa65f88ce0229841826633d93723e" +dependencies = [ + "libc", + "windows-sys 0.60.2", +] + +[[package]] +name = "strsim" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" + +[[package]] +name = "subtle" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + +[[package]] +name = "syn" +version = "2.0.117" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "sync_wrapper" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0bf256ce5efdfa370213c1dabab5935a12e49f2c58d15e9eac2870d3b4f27263" + +[[package]] +name = "synstructure" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "thiserror" +version = "1.0.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52" +dependencies = [ + "thiserror-impl 1.0.69", +] + +[[package]] +name = "thiserror" +version = "2.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4" +dependencies = [ + "thiserror-impl 2.0.18", +] + +[[package]] +name = "thiserror-impl" +version = "1.0.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "thiserror-impl" +version = "2.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "thread_local" +version = "1.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f60246a4944f24f6e018aa17cdeffb7818b76356965d03b07d6a9886e8962185" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "time" +version = "0.3.47" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "743bd48c283afc0388f9b8827b976905fb217ad9e647fae3a379a9283c4def2c" +dependencies = [ + "deranged", + "itoa", + "num-conv", + "powerfmt", + "serde_core", + "time-core", + "time-macros", +] + +[[package]] +name = "time-core" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7694e1cfe791f8d31026952abf09c69ca6f6fa4e1a1229e18988f06a04a12dca" + +[[package]] +name = "time-macros" +version = "0.2.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2e70e4c5a0e0a8a4823ad65dfe1a6930e4f4d756dcd9dd7939022b5e8c501215" +dependencies = [ + "num-conv", + "time-core", +] + +[[package]] +name = "tinyvec" +version = "1.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3e61e67053d25a4e82c844e8424039d9745781b3fc4f32b8d55ed50f5f667ef3" +dependencies = [ + "tinyvec_macros", +] + +[[package]] +name = "tinyvec_macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" + +[[package]] +name = "tokio" +version = "1.50.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "27ad5e34374e03cfffefc301becb44e9dc3c17584f414349ebe29ed26661822d" +dependencies = [ + "bytes", + "libc", + "mio", + "parking_lot", + "pin-project-lite", + "signal-hook-registry", + "socket2", + "tokio-macros", + "windows-sys 0.61.2", +] + +[[package]] +name = "tokio-macros" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c55a2eff8b69ce66c84f85e1da1c233edc36ceb85a2058d11b0d6a3c7e7569c" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tokio-util" +version = "0.7.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ae9cec805b01e8fc3fd2fe289f89149a9b66dd16786abd8b19cfa7b48cb0098" +dependencies = [ + "bytes", + "futures-core", + "futures-sink", + "pin-project-lite", + "tokio", +] + +[[package]] +name = "tower" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebe5ef63511595f1344e2d5cfa636d973292adc0eec1f0ad45fae9f0851ab1d4" +dependencies = [ + "futures-core", + "futures-util", + "pin-project-lite", + "sync_wrapper", + "tokio", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "tower-layer" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e" + +[[package]] +name = "tower-service" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" + +[[package]] +name = "tracing" +version = "0.1.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100" +dependencies = [ + "log", + "pin-project-lite", + "tracing-attributes", + "tracing-core", +] + +[[package]] +name = "tracing-attributes" +version = "0.1.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tracing-core" +version = "0.1.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a" +dependencies = [ + "once_cell", + "valuable", +] + +[[package]] +name = "tracing-error" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b1581020d7a273442f5b45074a6a57d5757ad0a47dac0e9f0bd57b81936f3db" +dependencies = [ + "tracing", + "tracing-subscriber", +] + +[[package]] +name = "tracing-log" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3" +dependencies = [ + "log", + "once_cell", + "tracing-core", +] + +[[package]] +name = "tracing-subscriber" +version = "0.3.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb7f578e5945fb242538965c2d0b04418d38ec25c79d160cd279bf0731c8d319" +dependencies = [ + "matchers", + "nu-ansi-term", + "once_cell", + "regex-automata", + "sharded-slab", + "smallvec", + "thread_local", + "tracing", + "tracing-core", + "tracing-log", +] + +[[package]] +name = "try-lock" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" + +[[package]] +name = "unicode-ident" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75" + +[[package]] +name = "unicode-segmentation" +version = "1.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9629274872b2bfaf8d66f5f15725007f635594914870f65218920345aa11aa8c" + +[[package]] +name = "unicode-width" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b4ac048d71ede7ee76d585517add45da530660ef4390e49b098733c6e897f254" + +[[package]] +name = "unicode-xid" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" + +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + +[[package]] +name = "utf8parse" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" + +[[package]] +name = "uuid" +version = "1.22.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a68d3c8f01c0cfa54a75291d83601161799e4a89a39e0929f4b0354d88757a37" +dependencies = [ + "getrandom 0.4.2", + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "valuable" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65" + +[[package]] +name = "walkdir" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b" +dependencies = [ + "same-file", + "winapi-util", +] + +[[package]] +name = "want" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e" +dependencies = [ + "try-lock", +] + +[[package]] +name = "wasi" +version = "0.11.1+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" + +[[package]] +name = "wasip2" +version = "1.0.2+wasi-0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9517f9239f02c069db75e65f174b3da828fe5f5b945c4dd26bd25d89c03ebcf5" +dependencies = [ + "wit-bindgen", +] + +[[package]] +name = "wasip3" +version = "0.4.0+wasi-0.3.0-rc-2026-01-06" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5428f8bf88ea5ddc08faddef2ac4a67e390b88186c703ce6dbd955e1c145aca5" +dependencies = [ + "wit-bindgen", +] + +[[package]] +name = "wasm-bindgen" +version = "0.2.114" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6532f9a5c1ece3798cb1c2cfdba640b9b3ba884f5db45973a6f442510a87d38e" +dependencies = [ + "cfg-if", + "once_cell", + "rustversion", + "wasm-bindgen-macro", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.114" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "18a2d50fcf105fb33bb15f00e7a77b772945a2ee45dcf454961fd843e74c18e6" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.114" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "03ce4caeaac547cdf713d280eda22a730824dd11e6b8c3ca9e42247b25c631e3" +dependencies = [ + "bumpalo", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.114" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75a326b8c223ee17883a4251907455a2431acc2791c98c26279376490c378c16" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "wasm-encoder" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "990065f2fe63003fe337b932cfb5e3b80e0b4d0f5ff650e6985b1048f62c8319" +dependencies = [ + "leb128fmt", + "wasmparser", +] + +[[package]] +name = "wasm-metadata" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb0e353e6a2fbdc176932bbaab493762eb1255a7900fe0fea1a2f96c296cc909" +dependencies = [ + "anyhow", + "indexmap", + "wasm-encoder", + "wasmparser", +] + +[[package]] +name = "wasmparser" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe" +dependencies = [ + "bitflags", + "hashbrown 0.15.5", + "indexmap", + "semver", +] + +[[package]] +name = "web-time" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "webpki-root-certs" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "804f18a4ac2676ffb4e8b5b5fa9ae38af06df08162314f96a68d2a363e21a8ca" +dependencies = [ + "rustls-pki-types", +] + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-util" +version = "0.1.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22" +dependencies = [ + "windows-sys 0.60.2", +] + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "windows-link" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5" + +[[package]] +name = "windows-sys" +version = "0.45.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0" +dependencies = [ + "windows-targets 0.42.2", +] + +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets 0.52.6", +] + +[[package]] +name = "windows-sys" +version = "0.60.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2f500e4d28234f72040990ec9d39e3a6b950f9f22d3dba18416c35882612bcb" +dependencies = [ + "windows-targets 0.53.5", +] + +[[package]] +name = "windows-sys" +version = "0.61.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-targets" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071" +dependencies = [ + "windows_aarch64_gnullvm 0.42.2", + "windows_aarch64_msvc 0.42.2", + "windows_i686_gnu 0.42.2", + "windows_i686_msvc 0.42.2", + "windows_x86_64_gnu 0.42.2", + "windows_x86_64_gnullvm 0.42.2", + "windows_x86_64_msvc 0.42.2", +] + +[[package]] +name = "windows-targets" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" +dependencies = [ + "windows_aarch64_gnullvm 0.52.6", + "windows_aarch64_msvc 0.52.6", + "windows_i686_gnu 0.52.6", + "windows_i686_gnullvm 0.52.6", + "windows_i686_msvc 0.52.6", + "windows_x86_64_gnu 0.52.6", + "windows_x86_64_gnullvm 0.52.6", + "windows_x86_64_msvc 0.52.6", +] + +[[package]] +name = "windows-targets" +version = "0.53.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4945f9f551b88e0d65f3db0bc25c33b8acea4d9e41163edf90dcd0b19f9069f3" +dependencies = [ + "windows-link", + "windows_aarch64_gnullvm 0.53.1", + "windows_aarch64_msvc 0.53.1", + "windows_i686_gnu 0.53.1", + "windows_i686_gnullvm 0.53.1", + "windows_i686_msvc 0.53.1", + "windows_x86_64_gnu 0.53.1", + "windows_x86_64_gnullvm 0.53.1", + "windows_x86_64_msvc 0.53.1", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8" + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a9d8416fa8b42f5c947f8482c43e7d89e73a173cead56d044f6a56104a6d1b53" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9d782e804c2f632e395708e99a94275910eb9100b2114651e04744e9b125006" + +[[package]] +name = "windows_i686_gnu" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnu" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "960e6da069d81e09becb0ca57a65220ddff016ff2d6af6a223cf372a506593a3" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa7359d10048f68ab8b09fa71c3daccfb0e9b559aed648a8f95469c27057180c" + +[[package]] +name = "windows_i686_msvc" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" + +[[package]] +name = "windows_i686_msvc" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e7ac75179f18232fe9c285163565a57ef8d3c89254a30685b57d83a38d326c2" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c3842cdd74a865a8066ab39c8a7a473c0778a3f29370b5fd6b4b9aa7df4a499" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0ffa179e2d07eee8ad8f57493436566c7cc30ac536a3379fdf008f47f6bb7ae1" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d6bbff5f0aada427a1e5a6da5f1f98158182f26556f345ac9e04d36d0ebed650" + +[[package]] +name = "wit-bindgen" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5" +dependencies = [ + "wit-bindgen-rust-macro", +] + +[[package]] +name = "wit-bindgen-core" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea61de684c3ea68cb082b7a88508a8b27fcc8b797d738bfc99a82facf1d752dc" +dependencies = [ + "anyhow", + "heck", + "wit-parser", +] + +[[package]] +name = "wit-bindgen-rust" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7c566e0f4b284dd6561c786d9cb0142da491f46a9fbed79ea69cdad5db17f21" +dependencies = [ + "anyhow", + "heck", + "indexmap", + "prettyplease", + "syn", + "wasm-metadata", + "wit-bindgen-core", + "wit-component", +] + +[[package]] +name = "wit-bindgen-rust-macro" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c0f9bfd77e6a48eccf51359e3ae77140a7f50b1e2ebfe62422d8afdaffab17a" +dependencies = [ + "anyhow", + "prettyplease", + "proc-macro2", + "quote", + "syn", + "wit-bindgen-core", + "wit-bindgen-rust", +] + +[[package]] +name = "wit-component" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2" +dependencies = [ + "anyhow", + "bitflags", + "indexmap", + "log", + "serde", + "serde_derive", + "serde_json", + "wasm-encoder", + "wasm-metadata", + "wasmparser", + "wit-parser", +] + +[[package]] +name = "wit-parser" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ecc8ac4bc1dc3381b7f59c34f00b67e18f910c2c0f50015669dde7def656a736" +dependencies = [ + "anyhow", + "id-arena", + "indexmap", + "log", + "semver", + "serde", + "serde_derive", + "serde_json", + "unicode-xid", + "wasmparser", +] + +[[package]] +name = "x509-parser" +version = "0.18.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d43b0f71ce057da06bc0851b23ee24f3f86190b07203dd8f567d0b706a185202" +dependencies = [ + "asn1-rs", + "data-encoding", + "der-parser", + "lazy_static", + "nom", + "oid-registry", + "ring", + "rusticata-macros", + "thiserror 2.0.18", + "time", +] + +[[package]] +name = "yasna" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e17bb3549cc1321ae1296b9cdc2698e2b6cb1992adfa19a8c72e5b7a738f44cd" +dependencies = [ + "time", +] + +[[package]] +name = "zerocopy" +version = "0.8.47" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "efbb2a062be311f2ba113ce66f697a4dc589f85e78a4aea276200804cea0ed87" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.8.47" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0e8bc7269b54418e7aeeef514aa68f8690b8c0489a06b0136e5f57c4c5ccab89" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "zeroize" +version = "1.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0" + +[[package]] +name = "zmij" +version = "1.0.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa" diff --git a/Cargo.toml b/Cargo.toml new file mode 100644 index 0000000..da31647 --- /dev/null +++ b/Cargo.toml @@ -0,0 +1,50 @@ +cargo-features = ["codegen-backend"] + +[package] +name = "bore" +version = "0.1.0" +edition = "2024" + +[profile.dev] +codegen-backend = "cranelift" +opt-level = 0 + +[profile.dev.package."*"] +codegen-backend = "llvm" +opt-level = 3 + +[[bin]] +name = "bore-server" +path = "src/bin/bore_server.rs" + +[[bin]] +name = "bore-client" +path = "src/bin/bore_client.rs" + +[dependencies] +quinn = "0.11" +tokio = { version = "1", features = ["full"] } +clap = { version = "4", features = ["derive", "env"] } +axum = { version = "0.8", features = ["macros"] } +hyper = { version = "1", features = ["client", "http1"] } +hyper-util = { version = "0.1", features = ["tokio"] } +rkyv = { version = "0.8", features = ["bytecheck"] } +serde = { version = "1", features = ["derive"] } +serde_json = "1" +tracing = "0.1" +tracing-subscriber = { version = "0.3", features = ["env-filter"] } +uuid = { version = "1", features = ["v4"] } +rcgen = "0.14" +rustls = { version = "0.23", default-features = false, features = ["ring", "std"] } +color-eyre = "0.6" +thiserror = "2" +dashmap = "6" +bytes = "1" +tokio-util = { version = "0.7", features = ["io"] } +http = "1" +http-body-util = "0.1" +rustls-pemfile = "2" +ring = "0.17" +dirs = "6" +owo-colors = "4" +inquire = "0.9" diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..4700871 --- /dev/null +++ b/flake.lock @@ -0,0 +1,98 @@ +{ + "nodes": { + "crane": { + "locked": { + "lastModified": 1774313767, + "narHash": "sha256-hy0XTQND6avzGEUFrJtYBBpFa/POiiaGBr2vpU6Y9tY=", + "owner": "ipetkov", + "repo": "crane", + "rev": "3d9df76e29656c679c744968b17fbaf28f0e923d", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1774106199, + "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "crane": "crane", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "rust-overlay": "rust-overlay" + } + }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1774408260, + "narHash": "sha256-Jn9d9r85dmf3gTMnSRt6t+DP2nQ5uJns/MMXg2FpzfM=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "d6471ee5a8f470251e6e5b83a20a182eb6c46c9b", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..b26f906 --- /dev/null +++ b/flake.nix @@ -0,0 +1,100 @@ +{ + description = "bore - QUIC tunnel service"; + + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + crane.url = "github:ipetkov/crane"; + flake-utils.url = "github:numtide/flake-utils"; + rust-overlay = { + url = "github:oxalica/rust-overlay"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = + { + nixpkgs, + crane, + flake-utils, + rust-overlay, + ... + }: + flake-utils.lib.eachDefaultSystem ( + system: + let + pkgs = import nixpkgs { + inherit system; + overlays = [ + (import rust-overlay) + ]; + }; + + inherit (pkgs) lib; + + craneLib = (crane.mkLib pkgs).overrideToolchain ( + p: + p.rust-bin.nightly.latest.default.override { + extensions = [ + "rustc-codegen-cranelift-preview" + "rust-analyzer" + "rust-src" + ]; + } + ); + cargoArtifacts = craneLib.buildDepsOnly commonArgs; + src = craneLib.cleanCargoSource ./.; + commonArgs = { + inherit src; + strictDeps = true; + }; + bore = craneLib.buildPackage ( + commonArgs + // { + inherit cargoArtifacts; + } + ); + bore-server = pkgs.stdenv.mkDerivation { + name = "bore-server"; + phases = [ "installPhase" ]; + installPhase = '' + mkdir -p $out/bin + ln -s ${bore}/bin/bore-server $out/bin/bore-server + ''; + meta = { + description = "bore server binary"; + mainProgram = "bore-server"; + }; + }; + bore-client = pkgs.stdenv.mkDerivation { + name = "bore-client"; + phases = [ "installPhase" ]; + installPhase = '' + mkdir -p $out/bin + ln -s ${bore}/bin/bore-client $out/bin/bore-client + ''; + meta = { + description = "bore client binary"; + mainProgram = "bore-client"; + }; + }; + in + { + packages = { + default = bore-client; + inherit bore-client bore-server; + }; + + devShells.default = craneLib.devShell { + RUSTFLAGS = "-Clinker=clang -Clink-arg=-fuse-ld=mold -Z macro-backtrace"; + RUST_LOG = "debug"; + packages = with pkgs; [ + mold + llvmPackages.clang + llvmPackages.lld + watchexec + cargo-edit + ]; + }; + } + ); +} diff --git a/src/bin/bore_client.rs b/src/bin/bore_client.rs new file mode 100644 index 0000000..34906dd --- /dev/null +++ b/src/bin/bore_client.rs @@ -0,0 +1,17 @@ +use clap::Parser; +use color_eyre::Result; + +use bore::client::{ClientArgs, run}; + +#[tokio::main] +async fn main() -> Result<()> { + color_eyre::install()?; + if std::env::var_os("RUST_LOG").is_some() { + tracing_subscriber::fmt() + .with_env_filter(tracing_subscriber::EnvFilter::from_default_env()) + .init(); + } + + let args = ClientArgs::parse(); + run(args).await +} diff --git a/src/bin/bore_server.rs b/src/bin/bore_server.rs new file mode 100644 index 0000000..c225be5 --- /dev/null +++ b/src/bin/bore_server.rs @@ -0,0 +1,17 @@ +use clap::Parser; +use color_eyre::Result; + +use bore::server::{ServerArgs, run}; + +#[tokio::main] +async fn main() -> Result<()> { + color_eyre::install()?; + tracing_subscriber::fmt() + .with_env_filter( + tracing_subscriber::EnvFilter::try_from_default_env().unwrap_or_else(|_| "info".into()), + ) + .init(); + + let args = ServerArgs::parse(); + run(args).await +} diff --git a/src/client/mod.rs b/src/client/mod.rs new file mode 100644 index 0000000..c673987 --- /dev/null +++ b/src/client/mod.rs @@ -0,0 +1,312 @@ +pub mod relay; + +use std::collections::HashMap; +use std::net::SocketAddr; +use std::sync::Arc; + +use clap::Parser; +use color_eyre::Result; +use owo_colors::OwoColorize; +use tokio_util::sync::CancellationToken; + +use crate::protocol::{ + ClientMessage, ServerMessage, TunnelProtocol, read_server_message, write_client_message, +}; +use crate::tunnel::TunnelInfo; + +#[derive(Parser, Debug)] +pub struct ClientArgs { + /// Server address (host:port) + #[arg(long, env = "BORE_SERVER")] + pub server: String, + + /// TCP forwards: [HOST:]PORT:REMOTE_PORT + #[arg(long = "tcp", value_name = "[HOST:]PORT:REMOTE", env = "BORE_TCP")] + pub tcp_forwards: Vec, + + /// UDP forwards: [HOST:]PORT:REMOTE_PORT + #[arg(long = "udp", value_name = "[HOST:]PORT:REMOTE", env = "BORE_UDP")] + pub udp_forwards: Vec, + + /// HTTP forwards: [HOST:]PORT[:SUBDOMAIN] + #[arg( + long = "http", + value_name = "[HOST:]PORT[:SUBDOMAIN]", + env = "BORE_HTTP" + )] + pub http_forwards: Vec, +} + +struct ForwardSpec { + protocol: TunnelProtocol, + /// Target address to connect to, e.g. "127.0.0.1:8080" or "10.0.4.2:3000" + target: String, + /// Port to tell the server (extracted from target) + local_port: u16, + remote_port: Option, + subdomain: Option, +} + +/// Parse a target spec like "8080", "10.0.4.2:8080" into (host, port). +/// Bare port defaults host to "127.0.0.1". +fn parse_host_port(s: &str) -> Result<(String, u16)> { + if let Ok(port) = s.parse::() { + return Ok(("127.0.0.1".to_string(), port)); + } + // Try as host:port + let (host, port_str) = s + .rsplit_once(':') + .ok_or_else(|| color_eyre::eyre::eyre!("invalid address: {s}"))?; + let port: u16 = port_str.parse()?; + Ok((host.to_string(), port)) +} + +fn parse_forwards(args: &ClientArgs) -> Result> { + let mut specs = Vec::new(); + + // TCP/UDP: last segment is always REMOTE_PORT, everything before is [HOST:]PORT + // e.g. "8080:9000", "10.0.4.2:8080:9000" + for s in &args.tcp_forwards { + let (target_part, remote_str) = s.rsplit_once(':').ok_or_else(|| { + color_eyre::eyre::eyre!("invalid TCP forward: {s} (expected [HOST:]PORT:REMOTE)") + })?; + let remote_port: u16 = remote_str.parse()?; + let (host, port) = parse_host_port(target_part)?; + specs.push(ForwardSpec { + protocol: TunnelProtocol::Tcp, + target: format!("{host}:{port}"), + local_port: port, + remote_port: Some(remote_port), + subdomain: None, + }); + } + + for s in &args.udp_forwards { + let (target_part, remote_str) = s.rsplit_once(':').ok_or_else(|| { + color_eyre::eyre::eyre!("invalid UDP forward: {s} (expected [HOST:]PORT:REMOTE)") + })?; + let remote_port: u16 = remote_str.parse()?; + let (host, port) = parse_host_port(target_part)?; + specs.push(ForwardSpec { + protocol: TunnelProtocol::Udp, + target: format!("{host}:{port}"), + local_port: port, + remote_port: Some(remote_port), + subdomain: None, + }); + } + + // HTTP: split from the right — last segment that's NOT a valid port is subdomain + // e.g. "3000", "3000:myapp", "10.0.4.2:3000", "10.0.4.2:3000:myapp" + for s in &args.http_forwards { + let parts: Vec<&str> = s.split(':').collect(); + match parts.len() { + // "3000" + 1 => { + let port: u16 = parts[0].parse()?; + specs.push(ForwardSpec { + protocol: TunnelProtocol::Http, + target: format!("127.0.0.1:{port}"), + local_port: port, + remote_port: None, + subdomain: None, + }); + } + // "3000:myapp" or "10.0.4.2:3000" + 2 => { + if let Ok(port) = parts[1].parse::() { + // "10.0.4.2:3000" + specs.push(ForwardSpec { + protocol: TunnelProtocol::Http, + target: format!("{}:{port}", parts[0]), + local_port: port, + remote_port: None, + subdomain: None, + }); + } else { + // "3000:myapp" + let port: u16 = parts[0].parse()?; + specs.push(ForwardSpec { + protocol: TunnelProtocol::Http, + target: format!("127.0.0.1:{port}"), + local_port: port, + remote_port: None, + subdomain: Some(parts[1].to_string()), + }); + } + } + // "10.0.4.2:3000:myapp" + 3 => { + let port: u16 = parts[1].parse()?; + specs.push(ForwardSpec { + protocol: TunnelProtocol::Http, + target: format!("{}:{port}", parts[0]), + local_port: port, + remote_port: None, + subdomain: Some(parts[2].to_string()), + }); + } + _ => { + return Err(color_eyre::eyre::eyre!( + "invalid HTTP forward: {s} (expected [HOST:]PORT[:SUBDOMAIN])" + )); + } + } + } + + Ok(specs) +} + +pub async fn run(args: ClientArgs) -> Result<()> { + let cancel = CancellationToken::new(); + + let forwards = parse_forwards(&args)?; + if forwards.is_empty() { + return Err(color_eyre::eyre::eyre!("no forwards specified")); + } + + // Append default port if not specified + let server_str = if args.server.contains(':') { + args.server.clone() + } else { + format!("{}:4843", args.server) + }; + + // Parse server address + let server_addr: SocketAddr = tokio::net::lookup_host(&server_str) + .await? + .next() + .ok_or_else(|| color_eyre::eyre::eyre!("could not resolve server address: {server_str}"))?; + + let server_host = server_str.split(':').next().unwrap_or("localhost"); + + // Create QUIC endpoint with TOFU certificate verification + let (endpoint, tofu_state) = + crate::quic::make_tofu_client_endpoint("0.0.0.0:0".parse()?, &server_str)?; + + // Resolve secret: saved > prompt + let secret = if let Some(s) = crate::config::load_secret(&server_str)? { + s + } else { + tokio::task::spawn_blocking(|| inquire::Text::new("Secret:").prompt()) + .await? + .map_err(|e| color_eyre::eyre::eyre!("prompt cancelled: {e}"))? + }; + + eprintln!("{}", format!("Connecting to {server_addr}...").dimmed()); + let connection = endpoint.connect(server_addr, server_host)?.await?; + + // Persist TOFU fingerprint now that the connection succeeded + tofu_state.save_if_new()?; + + // Open control stream + let (mut send, mut recv) = connection.open_bi().await?; + + // Authenticate + write_client_message( + &mut send, + &ClientMessage::Auth { + secret: secret.clone(), + }, + ) + .await?; + + let reply = read_server_message(&mut recv).await?; + match reply { + ServerMessage::AuthOk => { + crate::config::save_secret(&server_str, &secret)?; + } + ServerMessage::Error { message } => { + return Err(color_eyre::eyre::eyre!("authentication failed: {message}")); + } + _ => { + return Err(color_eyre::eyre::eyre!("unexpected response to auth")); + } + } + + // Request tunnels and collect tunnel_id -> TunnelInfo mapping + let mut tunnel_map: HashMap = HashMap::new(); + + eprintln!(); + for spec in &forwards { + write_client_message( + &mut send, + &ClientMessage::RequestTunnel { + protocol: spec.protocol, + local_port: spec.local_port, + remote_port: spec.remote_port, + subdomain: spec.subdomain.clone(), + }, + ) + .await?; + + let reply = read_server_message(&mut recv).await?; + match reply { + ServerMessage::TunnelCreated { + tunnel_id, + protocol, + assigned_port, + assigned_subdomain, + } => { + match protocol { + TunnelProtocol::Tcp => { + eprintln!( + "{} {} {} server:{}", + "tcp ".green().bold(), + spec.target, + "<-".dimmed(), + assigned_port.unwrap_or(0), + ); + } + TunnelProtocol::Udp => { + eprintln!( + "{} {} {} server:{}", + "udp ".yellow().bold(), + spec.target, + "<-".dimmed(), + assigned_port.unwrap_or(0), + ); + } + TunnelProtocol::Http => { + eprintln!( + "{} {} {} {}", + "http".cyan().bold(), + spec.target, + "<-".dimmed(), + assigned_subdomain.as_deref().unwrap_or("unknown"), + ); + } + } + + tunnel_map.insert( + tunnel_id, + TunnelInfo { + id: tunnel_id, + protocol, + target: spec.target.clone(), + remote_port: assigned_port, + subdomain: assigned_subdomain, + }, + ); + } + ServerMessage::Error { message } => { + eprintln!("{} {message}", "error".red().bold()); + } + _ => { + eprintln!("{} unexpected server response", "error".red().bold()); + } + } + } + + if tunnel_map.is_empty() { + return Err(color_eyre::eyre::eyre!("no tunnels were created")); + } + + let tunnel_map = Arc::new(tunnel_map); + + eprintln!(); + eprintln!("{}", "Ready. Press Ctrl+C to exit.".dimmed()); + relay::accept_streams(connection, tunnel_map, cancel).await?; + + Ok(()) +} diff --git a/src/client/relay.rs b/src/client/relay.rs new file mode 100644 index 0000000..bee24e9 --- /dev/null +++ b/src/client/relay.rs @@ -0,0 +1,154 @@ +use std::collections::HashMap; +use std::sync::Arc; +use std::sync::atomic::{AtomicU64, Ordering}; + +use color_eyre::Result; +use owo_colors::OwoColorize; +use tokio::net::TcpStream; +use tokio_util::sync::CancellationToken; +use tracing::{debug, warn}; + +use crate::protocol::{TunnelProtocol, read_stream_header, read_udp_frame, write_udp_frame}; +use crate::relay::{QuicBiStream, relay}; +use crate::tunnel::TunnelInfo; + +static NEXT_CONN_ID: AtomicU64 = AtomicU64::new(1); + +/// Accept incoming QUIC bidirectional streams from the server and relay to local services. +pub async fn accept_streams( + connection: quinn::Connection, + tunnel_map: Arc>, + cancel: CancellationToken, +) -> Result<()> { + loop { + tokio::select! { + _ = cancel.cancelled() => break, + result = connection.accept_bi() => { + let (send, recv) = match result { + Ok(v) => v, + Err(e) => { + debug!("connection closed: {e}"); + eprintln!("{}", "Connection to server lost.".red()); + break; + } + }; + + let conn_id = NEXT_CONN_ID.fetch_add(1, Ordering::Relaxed); + let tunnel_map = tunnel_map.clone(); + tokio::spawn(async move { + if let Err(e) = handle_stream(conn_id, send, recv, tunnel_map).await { + debug!("stream relay error: {e:#}"); + } + }); + } + } + } + Ok(()) +} + +async fn handle_stream( + conn_id: u64, + quic_send: quinn::SendStream, + mut quic_recv: quinn::RecvStream, + tunnel_map: Arc>, +) -> Result<()> { + let header = read_stream_header(&mut quic_recv).await?; + + let info = tunnel_map + .get(&header.tunnel_id) + .ok_or_else(|| color_eyre::eyre::eyre!("unknown tunnel id {}", header.tunnel_id))?; + + let label = match info.protocol { + TunnelProtocol::Tcp => "tcp ".green().bold().to_string(), + TunnelProtocol::Http => "http".cyan().bold().to_string(), + TunnelProtocol::Udp => "udp ".yellow().bold().to_string(), + }; + let id = format!("#{conn_id}"); + let peer = &header.peer_addr; + let target = &info.target; + + eprintln!( + "{label} {} {} {} {target}", + id.dimmed(), + peer.dimmed(), + "->".dimmed(), + ); + + let result = match info.protocol { + TunnelProtocol::Tcp | TunnelProtocol::Http => { + relay_tcp_stream(target, quic_send, quic_recv).await + } + TunnelProtocol::Udp => relay_udp_stream(target, quic_send, quic_recv).await, + }; + + eprintln!( + "{label} {} {} {} {target}", + id.dimmed(), + peer.dimmed(), + "x-".dimmed(), + ); + result +} + +async fn relay_tcp_stream( + target: &str, + quic_send: quinn::SendStream, + quic_recv: quinn::RecvStream, +) -> Result<()> { + let tcp_stream = TcpStream::connect(target).await?; + debug!(target, "connected to local service"); + + let quic_stream = QuicBiStream { + send: quic_send, + recv: quic_recv, + }; + relay(tcp_stream, quic_stream).await?; + Ok(()) +} + +async fn relay_udp_stream( + target: &str, + mut quic_send: quinn::SendStream, + mut quic_recv: quinn::RecvStream, +) -> Result<()> { + let socket = tokio::net::UdpSocket::bind("0.0.0.0:0").await?; + socket.connect(target).await?; + debug!(target, "connected to local service"); + + let socket = Arc::new(socket); + + let socket_tx = socket.clone(); + let quic_to_udp = async move { + while let Ok(data) = read_udp_frame(&mut quic_recv).await { + if let Err(e) = socket_tx.send(&data).await { + warn!("UDP send error: {e}"); + break; + } + } + }; + + let udp_to_quic = async move { + let mut buf = vec![0u8; 65536]; + loop { + match socket.recv(&mut buf).await { + Ok(n) => { + if let Err(e) = write_udp_frame(&mut quic_send, &buf[..n]).await { + warn!("QUIC write error: {e}"); + break; + } + } + Err(e) => { + warn!("UDP recv error: {e}"); + break; + } + } + } + }; + + tokio::select! { + _ = quic_to_udp => {}, + _ = udp_to_quic => {}, + } + + Ok(()) +} diff --git a/src/config.rs b/src/config.rs new file mode 100644 index 0000000..878eb48 --- /dev/null +++ b/src/config.rs @@ -0,0 +1,63 @@ +use std::path::{Path, PathBuf}; + +use color_eyre::Result; + +/// ~/.bore directory. +pub fn bore_dir() -> Result { + let home = dirs::home_dir() + .ok_or_else(|| color_eyre::eyre::eyre!("could not determine home directory"))?; + Ok(home.join(".bore")) +} + +fn secrets_path() -> Result { + Ok(bore_dir()?.join("secrets")) +} + +pub fn load_secret(server_key: &str) -> Result> { + let path = secrets_path()?; + load_entry(&path, server_key) +} + +pub fn save_secret(server_key: &str, secret: &str) -> Result<()> { + let path = secrets_path()?; + save_entry(&path, server_key, secret) +} + +pub fn load_entry(path: &Path, key: &str) -> Result> { + let contents = match std::fs::read_to_string(path) { + Ok(c) => c, + Err(e) if e.kind() == std::io::ErrorKind::NotFound => return Ok(None), + Err(e) => return Err(e.into()), + }; + for line in contents.lines() { + let line = line.trim(); + if line.is_empty() || line.starts_with('#') { + continue; + } + if let Some((k, v)) = line.split_once(' ') + && k == key + { + return Ok(Some(v.to_string())); + } + } + Ok(None) +} + +pub fn save_entry(path: &Path, key: &str, value: &str) -> Result<()> { + if let Some(parent) = path.parent() { + std::fs::create_dir_all(parent)?; + } + + let mut lines: Vec = match std::fs::read_to_string(path) { + Ok(c) => c + .lines() + .filter(|l| l.split_once(' ').is_none_or(|(k, _)| k != key)) + .map(String::from) + .collect(), + Err(e) if e.kind() == std::io::ErrorKind::NotFound => Vec::new(), + Err(e) => return Err(e.into()), + }; + lines.push(format!("{key} {value}")); + std::fs::write(path, lines.join("\n") + "\n")?; + Ok(()) +} diff --git a/src/lib.rs b/src/lib.rs new file mode 100644 index 0000000..dd02843 --- /dev/null +++ b/src/lib.rs @@ -0,0 +1,7 @@ +pub mod client; +pub mod config; +pub mod protocol; +pub mod quic; +pub mod relay; +pub mod server; +pub mod tunnel; diff --git a/src/protocol.rs b/src/protocol.rs new file mode 100644 index 0000000..bf3bae3 --- /dev/null +++ b/src/protocol.rs @@ -0,0 +1,148 @@ +use rkyv::Archive; + +use crate::tunnel::TunnelId; + +/// Protocol for tunnel types. +#[derive(Debug, Clone, Copy, PartialEq, Eq, Archive, rkyv::Serialize, rkyv::Deserialize)] +pub enum TunnelProtocol { + Tcp, + Udp, + Http, +} + +/// Messages sent from client to server on the control stream. +#[derive(Debug, Archive, rkyv::Serialize, rkyv::Deserialize)] +pub enum ClientMessage { + Auth { + secret: String, + }, + RequestTunnel { + protocol: TunnelProtocol, + local_port: u16, + remote_port: Option, + subdomain: Option, + }, +} + +/// Messages sent from server to client on the control stream. +#[derive(Debug, Archive, rkyv::Serialize, rkyv::Deserialize)] +pub enum ServerMessage { + AuthOk, + TunnelCreated { + tunnel_id: TunnelId, + protocol: TunnelProtocol, + assigned_port: Option, + assigned_subdomain: Option, + }, + Error { + message: String, + }, +} + +async fn write_framed(send: &mut quinn::SendStream, bytes: &[u8]) -> color_eyre::Result<()> { + let len = (bytes.len() as u32).to_be_bytes(); + send.write_all(&len).await?; + send.write_all(bytes).await?; + Ok(()) +} + +async fn read_framed(recv: &mut quinn::RecvStream) -> color_eyre::Result> { + let mut len_buf = [0u8; 4]; + recv.read_exact(&mut len_buf).await?; + let len = u32::from_be_bytes(len_buf) as usize; + if len > 1024 * 1024 { + return Err(color_eyre::eyre::eyre!("message too large: {len} bytes")); + } + let mut buf = vec![0u8; len]; + recv.read_exact(&mut buf).await?; + Ok(buf) +} + +pub async fn write_client_message( + send: &mut quinn::SendStream, + msg: &ClientMessage, +) -> color_eyre::Result<()> { + let bytes = rkyv::to_bytes::(msg)?; + write_framed(send, &bytes).await +} + +pub async fn read_client_message( + recv: &mut quinn::RecvStream, +) -> color_eyre::Result { + let buf = read_framed(recv).await?; + let msg = rkyv::from_bytes::(&buf)?; + Ok(msg) +} + +pub async fn write_server_message( + send: &mut quinn::SendStream, + msg: &ServerMessage, +) -> color_eyre::Result<()> { + let bytes = rkyv::to_bytes::(msg)?; + write_framed(send, &bytes).await +} + +pub async fn read_server_message( + recv: &mut quinn::RecvStream, +) -> color_eyre::Result { + let buf = read_framed(recv).await?; + let msg = rkyv::from_bytes::(&buf)?; + Ok(msg) +} + +/// Data stream header: tunnel ID + peer address. +pub struct StreamHeader { + pub tunnel_id: TunnelId, + pub peer_addr: String, +} + +/// Write a data stream header: `[u64 BE tunnel_id][u16 BE addr_len][addr_utf8]`. +pub async fn write_stream_header( + send: &mut quinn::SendStream, + header: &StreamHeader, +) -> color_eyre::Result<()> { + send.write_all(&header.tunnel_id.to_be_bytes()).await?; + let addr_bytes = header.peer_addr.as_bytes(); + send.write_all(&(addr_bytes.len() as u16).to_be_bytes()) + .await?; + send.write_all(addr_bytes).await?; + Ok(()) +} + +/// Read a data stream header. +pub async fn read_stream_header(recv: &mut quinn::RecvStream) -> color_eyre::Result { + let mut id_buf = [0u8; 8]; + recv.read_exact(&mut id_buf).await?; + let tunnel_id = u64::from_be_bytes(id_buf); + + let mut len_buf = [0u8; 2]; + recv.read_exact(&mut len_buf).await?; + let len = u16::from_be_bytes(len_buf) as usize; + + let mut addr_buf = vec![0u8; len]; + recv.read_exact(&mut addr_buf).await?; + let peer_addr = String::from_utf8(addr_buf)?; + + Ok(StreamHeader { + tunnel_id, + peer_addr, + }) +} + +/// Write a UDP datagram with u16 BE length prefix. +pub async fn write_udp_frame(send: &mut quinn::SendStream, data: &[u8]) -> color_eyre::Result<()> { + let len = (data.len() as u16).to_be_bytes(); + send.write_all(&len).await?; + send.write_all(data).await?; + Ok(()) +} + +/// Read a UDP datagram with u16 BE length prefix. +pub async fn read_udp_frame(recv: &mut quinn::RecvStream) -> color_eyre::Result> { + let mut len_buf = [0u8; 2]; + recv.read_exact(&mut len_buf).await?; + let len = u16::from_be_bytes(len_buf) as usize; + let mut buf = vec![0u8; len]; + recv.read_exact(&mut buf).await?; + Ok(buf) +} diff --git a/src/quic.rs b/src/quic.rs new file mode 100644 index 0000000..0471dba --- /dev/null +++ b/src/quic.rs @@ -0,0 +1,264 @@ +use std::path::{Path, PathBuf}; +use std::sync::{Arc, Mutex}; +use std::time::Duration; + +use color_eyre::Result; +use quinn::VarInt; +use quinn::{ClientConfig, Endpoint, ServerConfig, TransportConfig}; +use rcgen::{CertifiedKey, generate_simple_self_signed}; +use ring::digest; +use rustls::pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer}; + +/// Shared transport config: long idle timeout + keep-alive. +fn transport_config() -> TransportConfig { + let mut transport = TransportConfig::default(); + transport.max_idle_timeout(Some(Duration::from_secs(300).try_into().unwrap())); + transport.keep_alive_interval(Some(Duration::from_secs(5))); + transport.max_concurrent_bidi_streams(VarInt::from_u32(4096)); + transport +} + +pub fn load_or_generate_cert( + data_dir: &Path, +) -> Result<(Vec>, PrivateKeyDer<'static>)> { + std::fs::create_dir_all(data_dir)?; + let cert_path = data_dir.join("cert.pem"); + let key_path = data_dir.join("key.pem"); + + if cert_path.exists() && key_path.exists() { + tracing::info!("loading TLS cert from {}", cert_path.display()); + let cert_pem = std::fs::read(&cert_path)?; + let key_pem = std::fs::read(&key_path)?; + + let certs: Vec> = rustls_pemfile::certs(&mut &cert_pem[..]) + .collect::, _>>()?; + let key = rustls_pemfile::private_key(&mut &key_pem[..])?.ok_or_else(|| { + color_eyre::eyre::eyre!("no private key found in {}", key_path.display()) + })?; + Ok((certs, key)) + } else { + tracing::info!("generating self-signed cert -> {}", cert_path.display()); + let CertifiedKey { cert, key_pair } = + generate_simple_self_signed(vec!["localhost".to_string()])?; + + std::fs::write(&cert_path, cert.pem())?; + std::fs::write(&key_path, key_pair.serialize_pem())?; + + let cert_der = CertificateDer::from(cert.der().to_vec()); + let key_der = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from(key_pair.serialize_der())); + Ok((vec![cert_der], key_der)) + } +} + +/// Create a QUIC server endpoint with the given cert+key. +pub fn make_server_endpoint( + bind_addr: std::net::SocketAddr, + certs: Vec>, + key: PrivateKeyDer<'static>, +) -> Result { + let mut server_crypto = rustls::ServerConfig::builder() + .with_no_client_auth() + .with_single_cert(certs, key)?; + server_crypto.alpn_protocols = vec![b"bore".to_vec()]; + + let mut server_config = ServerConfig::with_crypto(Arc::new( + quinn::crypto::rustls::QuicServerConfig::try_from(server_crypto)?, + )); + server_config.transport_config(Arc::new(transport_config())); + let endpoint = Endpoint::server(server_config, bind_addr)?; + tracing::info!("QUIC server listening on {bind_addr}"); + Ok(endpoint) +} + +pub fn cert_fingerprint(cert_der: &[u8]) -> String { + let hash = digest::digest(&digest::SHA256, cert_der); + let hex: Vec = hash.as_ref().iter().map(|b| format!("{b:02x}")).collect(); + format!("SHA256:{}", hex.join(":")) +} + +pub fn make_tofu_client_endpoint( + bind_addr: std::net::SocketAddr, + server_key: &str, +) -> Result<(Endpoint, Arc)> { + let known_hosts_path = known_hosts_path()?; + let known_fp = load_known_fingerprint(&known_hosts_path, server_key)?; + + let tofu = Arc::new(TofuState { + server_key: server_key.to_string(), + known_hosts_path, + known_fingerprint: known_fp, + accepted: Mutex::new(None), + }); + + let mut client_crypto = rustls::ClientConfig::builder() + .dangerous() + .with_custom_certificate_verifier(Arc::new(TofuVerifier(tofu.clone()))) + .with_no_client_auth(); + client_crypto.alpn_protocols = vec![b"bore".to_vec()]; + + let mut client_config = ClientConfig::new(Arc::new( + quinn::crypto::rustls::QuicClientConfig::try_from(client_crypto)?, + )); + client_config.transport_config(Arc::new(transport_config())); + let mut endpoint = Endpoint::client(bind_addr)?; + endpoint.set_default_client_config(client_config); + Ok((endpoint, tofu)) +} + +/// Persisted + runtime state for a TOFU handshake. +#[derive(Debug)] +pub struct TofuState { + server_key: String, + known_hosts_path: PathBuf, + known_fingerprint: Option, + /// Set by the verifier when it accepts a previously-unknown cert. + accepted: Mutex>, +} + +impl TofuState { + /// Persist the fingerprint if the verifier accepted a new (unknown) server. + /// Call this once after the QUIC connection succeeds. + pub fn save_if_new(&self) -> Result<()> { + let guard = self.accepted.lock().unwrap(); + if let Some(ref fp) = *guard { + save_known_fingerprint(&self.known_hosts_path, &self.server_key, fp)?; + } + Ok(()) + } +} + +fn known_hosts_path() -> Result { + Ok(crate::config::bore_dir()?.join("known_hosts")) +} + +fn load_known_fingerprint(path: &Path, server_key: &str) -> Result> { + crate::config::load_entry(path, server_key) +} + +fn save_known_fingerprint(path: &Path, server_key: &str, fingerprint: &str) -> Result<()> { + crate::config::save_entry(path, server_key, fingerprint) +} + +#[derive(Debug)] +struct TofuVerifier(Arc); + +impl rustls::client::danger::ServerCertVerifier for TofuVerifier { + fn verify_server_cert( + &self, + end_entity: &CertificateDer<'_>, + _intermediates: &[CertificateDer<'_>], + _server_name: &rustls::pki_types::ServerName<'_>, + _ocsp_response: &[u8], + _now: rustls::pki_types::UnixTime, + ) -> std::result::Result { + let fp = cert_fingerprint(end_entity.as_ref()); + + match &self.0.known_fingerprint { + Some(known) if *known == fp => { + // Known server, cert matches -- all good + Ok(rustls::client::danger::ServerCertVerified::assertion()) + } + Some(known) => { + // MISMATCH -- possible MITM + use owo_colors::OwoColorize; + eprintln!(); + eprintln!( + "{}", + "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" + .red() + .bold() + ); + eprintln!( + "{}", + "@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @" + .red() + .bold() + ); + eprintln!( + "{}", + "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" + .red() + .bold() + ); + eprintln!(); + eprintln!("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"); + eprintln!("The server certificate fingerprint has changed."); + eprintln!(); + eprintln!(" Server: {}", self.0.server_key); + eprintln!(" Expected: {}", known.dimmed()); + eprintln!(" Got: {}", fp.red().bold()); + eprintln!(); + eprintln!("If the server was intentionally re-keyed, remove the old entry from:"); + eprintln!(" {}", self.0.known_hosts_path.display().underline()); + eprintln!("and reconnect."); + eprintln!(); + Err(rustls::Error::General( + "server certificate fingerprint mismatch".to_string(), + )) + } + None => { + // Unknown server -- prompt user + use owo_colors::OwoColorize; + eprintln!( + "{}", + format!( + "The authenticity of server '{}' can't be established.", + self.0.server_key + ) + .yellow(), + ); + eprintln!(" Fingerprint: {}", fp.dimmed()); + + let accepted = inquire::Confirm::new("Trust this server?") + .with_default(false) + .prompt() + .unwrap_or(false); + + if !accepted { + return Err(rustls::Error::General( + "server certificate rejected by user".to_string(), + )); + } + + *self.0.accepted.lock().unwrap() = Some(fp); + Ok(rustls::client::danger::ServerCertVerified::assertion()) + } + } + } + + fn verify_tls12_signature( + &self, + _message: &[u8], + _cert: &CertificateDer<'_>, + _dss: &rustls::DigitallySignedStruct, + ) -> std::result::Result { + Ok(rustls::client::danger::HandshakeSignatureValid::assertion()) + } + + fn verify_tls13_signature( + &self, + _message: &[u8], + _cert: &CertificateDer<'_>, + _dss: &rustls::DigitallySignedStruct, + ) -> std::result::Result { + Ok(rustls::client::danger::HandshakeSignatureValid::assertion()) + } + + fn supported_verify_schemes(&self) -> Vec { + ALL_SCHEMES.to_vec() + } +} + +const ALL_SCHEMES: &[rustls::SignatureScheme] = &[ + rustls::SignatureScheme::RSA_PKCS1_SHA256, + rustls::SignatureScheme::RSA_PKCS1_SHA384, + rustls::SignatureScheme::RSA_PKCS1_SHA512, + rustls::SignatureScheme::ECDSA_NISTP256_SHA256, + rustls::SignatureScheme::ECDSA_NISTP384_SHA384, + rustls::SignatureScheme::ECDSA_NISTP521_SHA512, + rustls::SignatureScheme::RSA_PSS_SHA256, + rustls::SignatureScheme::RSA_PSS_SHA384, + rustls::SignatureScheme::RSA_PSS_SHA512, + rustls::SignatureScheme::ED25519, + rustls::SignatureScheme::ED448, +]; diff --git a/src/relay.rs b/src/relay.rs new file mode 100644 index 0000000..a18733b --- /dev/null +++ b/src/relay.rs @@ -0,0 +1,55 @@ +use color_eyre::Result; +use tokio::io::{AsyncRead, AsyncWrite, copy_bidirectional}; + +/// Bidirectional relay between two async streams. +/// Returns when either direction hits EOF or an error. +pub async fn relay(mut a: A, mut b: B) -> Result<()> +where + A: AsyncRead + AsyncWrite + Unpin, + B: AsyncRead + AsyncWrite + Unpin, +{ + copy_bidirectional(&mut a, &mut b).await?; + Ok(()) +} + +/// Wrapper to combine a QUIC send+recv into a single AsyncRead+AsyncWrite. +pub struct QuicBiStream { + pub send: quinn::SendStream, + pub recv: quinn::RecvStream, +} + +impl tokio::io::AsyncRead for QuicBiStream { + fn poll_read( + mut self: std::pin::Pin<&mut Self>, + cx: &mut std::task::Context<'_>, + buf: &mut tokio::io::ReadBuf<'_>, + ) -> std::task::Poll> { + std::pin::Pin::new(&mut self.recv).poll_read(cx, buf) + } +} + +impl tokio::io::AsyncWrite for QuicBiStream { + fn poll_write( + mut self: std::pin::Pin<&mut Self>, + cx: &mut std::task::Context<'_>, + buf: &[u8], + ) -> std::task::Poll> { + std::pin::Pin::new(&mut self.send) + .poll_write(cx, buf) + .map(|r| r.map_err(std::io::Error::other)) + } + + fn poll_flush( + mut self: std::pin::Pin<&mut Self>, + cx: &mut std::task::Context<'_>, + ) -> std::task::Poll> { + std::pin::Pin::new(&mut self.send).poll_flush(cx) + } + + fn poll_shutdown( + mut self: std::pin::Pin<&mut Self>, + cx: &mut std::task::Context<'_>, + ) -> std::task::Poll> { + std::pin::Pin::new(&mut self.send).poll_shutdown(cx) + } +} diff --git a/src/server/endpoints/http.rs b/src/server/endpoints/http.rs new file mode 100644 index 0000000..b2e27a6 --- /dev/null +++ b/src/server/endpoints/http.rs @@ -0,0 +1,120 @@ +use std::net::SocketAddr; +use std::sync::Arc; + +use axum::Router; +use axum::body::Body; +use axum::extract::{ConnectInfo, Request, State}; +use axum::http::StatusCode; +use axum::response::{IntoResponse, Response}; +use color_eyre::Result; +use hyper_util::rt::TokioIo; +use tokio_util::sync::CancellationToken; +use tracing::{info, warn}; + +use crate::protocol::{StreamHeader, write_stream_header}; +use crate::relay::QuicBiStream; +use crate::server::state::ServerState; + +pub async fn run( + addr: SocketAddr, + state: Arc, + cancel: CancellationToken, +) -> Result<()> { + let app = Router::new().fallback(proxy_handler).with_state(state); + + let listener = tokio::net::TcpListener::bind(addr).await?; + info!(%addr, "HTTP server listening"); + + axum::serve( + listener, + app.into_make_service_with_connect_info::(), + ) + .with_graceful_shutdown(async move { cancel.cancelled().await }) + .await?; + Ok(()) +} + +async fn proxy_handler( + State(state): State>, + ConnectInfo(peer): ConnectInfo, + req: Request, +) -> Response { + match do_proxy(state, peer, req).await { + Ok(resp) => resp, + Err(e) => { + warn!("HTTP proxy error: {e:#}"); + (StatusCode::NOT_FOUND, format!("{e}")).into_response() + } + } +} + +async fn do_proxy( + state: Arc, + peer: SocketAddr, + req: Request, +) -> Result { + // Use X-Forwarded-For if present (from Traefik), otherwise direct peer + let peer_str = req + .headers() + .get("x-forwarded-for") + .and_then(|v| v.to_str().ok()) + .map(|v| v.split(',').next().unwrap_or(v).trim().to_string()) + .unwrap_or_else(|| peer.to_string()); + + // Extract subdomain from Host header + let host_header = req + .headers() + .get("host") + .and_then(|v| v.to_str().ok()) + .ok_or_else(|| color_eyre::eyre::eyre!("missing Host header"))?; + + // Strip port if present (e.g. "myapp.bore.localhost:8080" -> "myapp.bore.localhost") + let host = host_header.split(':').next().unwrap_or(host_header); + + let suffix = format!(".{}", state.base_domain); + let subdomain = host + .strip_suffix(&suffix) + .filter(|s| !s.is_empty()) + .ok_or_else(|| color_eyre::eyre::eyre!("no tunnel found for host {host}"))? + .to_string(); + + // Look up the tunnel + let tunnel_id = *state + .http_routes + .get(&subdomain) + .ok_or_else(|| color_eyre::eyre::eyre!("no tunnel for subdomain {subdomain}"))?; + + let entry = state + .tunnels + .get(&tunnel_id) + .ok_or_else(|| color_eyre::eyre::eyre!("tunnel {tunnel_id} not found in state"))?; + + let connection = entry.connection.clone(); + drop(entry); + + // Open QUIC stream to client + let (mut quic_send, quic_recv) = connection.open_bi().await?; + write_stream_header( + &mut quic_send, + &StreamHeader { + tunnel_id, + peer_addr: peer_str, + }, + ) + .await?; + + // Use hyper to proxy the HTTP request over the QUIC stream + let io = TokioIo::new(QuicBiStream { + send: quic_send, + recv: quic_recv, + }); + let (mut sender, conn) = hyper::client::conn::http1::handshake(io).await?; + tokio::spawn(async move { + if let Err(e) = conn.await { + warn!("HTTP proxy connection error: {e}"); + } + }); + + let resp = sender.send_request(req).await?; + Ok(resp.map(Body::new)) +} diff --git a/src/server/endpoints/mod.rs b/src/server/endpoints/mod.rs new file mode 100644 index 0000000..dd0dcfb --- /dev/null +++ b/src/server/endpoints/mod.rs @@ -0,0 +1,3 @@ +pub mod http; +pub mod tcp; +pub mod udp; diff --git a/src/server/endpoints/tcp.rs b/src/server/endpoints/tcp.rs new file mode 100644 index 0000000..251b3a0 --- /dev/null +++ b/src/server/endpoints/tcp.rs @@ -0,0 +1,75 @@ +use color_eyre::Result; +use quinn::Connection; +use tokio::net::TcpListener; +use tokio_util::sync::CancellationToken; +use tracing::{info, warn}; + +use std::net::SocketAddr; + +use crate::protocol::{StreamHeader, write_stream_header}; +use crate::relay::{QuicBiStream, relay}; +use crate::tunnel::TunnelId; + +/// Bind a TCP listener on the given port and relay each accepted connection +/// through a new QUIC bidirectional stream to the client. +/// Returns the actually assigned port. +pub async fn bind_and_relay( + tunnel_id: TunnelId, + port: u16, + connection: Connection, + cancel: CancellationToken, +) -> Result { + let listener = TcpListener::bind(("0.0.0.0", port)).await?; + let assigned_port = listener.local_addr()?.port(); + + tokio::spawn(async move { + loop { + tokio::select! { + _ = cancel.cancelled() => break, + accepted = listener.accept() => { + let (tcp_stream, peer) = match accepted { + Ok(v) => v, + Err(e) => { + warn!(tunnel_id, "TCP accept error: {e}"); + continue; + } + }; + info!(tunnel_id, %peer, "accepted TCP connection"); + + let connection = connection.clone(); + tokio::spawn(async move { + if let Err(e) = relay_tcp(tunnel_id, peer, tcp_stream, connection).await { + warn!(tunnel_id, %peer, "TCP relay error: {e:#}"); + } + }); + } + } + } + }); + + Ok(assigned_port) +} + +async fn relay_tcp( + tunnel_id: TunnelId, + peer: SocketAddr, + tcp_stream: tokio::net::TcpStream, + connection: Connection, +) -> Result<()> { + let (mut quic_send, quic_recv) = connection.open_bi().await?; + write_stream_header( + &mut quic_send, + &StreamHeader { + tunnel_id, + peer_addr: peer.to_string(), + }, + ) + .await?; + + let quic_stream = QuicBiStream { + send: quic_send, + recv: quic_recv, + }; + relay(tcp_stream, quic_stream).await?; + Ok(()) +} diff --git a/src/server/endpoints/udp.rs b/src/server/endpoints/udp.rs new file mode 100644 index 0000000..4c988bd --- /dev/null +++ b/src/server/endpoints/udp.rs @@ -0,0 +1,120 @@ +use std::collections::HashMap; +use std::net::SocketAddr; +use std::sync::Arc; + +use color_eyre::Result; +use quinn::Connection; +use tokio::net::UdpSocket; +use tokio::sync::Mutex; +use tokio_util::sync::CancellationToken; +use tracing::{info, warn}; + +use crate::protocol::{StreamHeader, read_udp_frame, write_stream_header, write_udp_frame}; +use crate::tunnel::TunnelId; + +/// Bind a UDP socket and relay datagrams through QUIC streams (one stream per source address). +/// Returns the actually assigned port. +pub async fn bind_and_relay( + tunnel_id: TunnelId, + port: u16, + connection: Connection, + cancel: CancellationToken, +) -> Result { + let socket = Arc::new(UdpSocket::bind(("0.0.0.0", port)).await?); + let assigned_port = socket.local_addr()?.port(); + + tokio::spawn(async move { + if let Err(e) = run_udp_relay(tunnel_id, socket, connection, cancel).await { + warn!(tunnel_id, "UDP relay error: {e:#}"); + } + }); + + Ok(assigned_port) +} + +async fn run_udp_relay( + tunnel_id: TunnelId, + socket: Arc, + connection: Connection, + cancel: CancellationToken, +) -> Result<()> { + // Track active sessions: source_addr -> QUIC send stream + let sessions: Arc>> = + Arc::new(Mutex::new(HashMap::new())); + + let mut buf = vec![0u8; 65536]; + + loop { + tokio::select! { + _ = cancel.cancelled() => break, + result = socket.recv_from(&mut buf) => { + let (n, src_addr) = result?; + let data = buf[..n].to_vec(); + + let mut sessions_guard = sessions.lock().await; + if let Some(send) = sessions_guard.get_mut(&src_addr) { + // Existing session: send datagram on existing stream + if let Err(e) = write_udp_frame(send, &data).await { + warn!(tunnel_id, %src_addr, "failed to write to QUIC stream: {e}"); + sessions_guard.remove(&src_addr); + } + } else { + // New session: open a new QUIC stream + match connection.open_bi().await { + Ok((mut quic_send, quic_recv)) => { + if let Err(e) = write_stream_header(&mut quic_send, &StreamHeader { + tunnel_id, + peer_addr: src_addr.to_string(), + }).await { + warn!(tunnel_id, %src_addr, "failed to write stream header: {e}"); + continue; + } + if let Err(e) = write_udp_frame(&mut quic_send, &data).await { + warn!(tunnel_id, %src_addr, "failed to write first datagram: {e}"); + continue; + } + sessions_guard.insert(src_addr, quic_send); + info!(tunnel_id, %src_addr, "new UDP session"); + + // Spawn task to read replies from client + let socket = socket.clone(); + let sessions = sessions.clone(); + tokio::spawn(async move { + if let Err(e) = handle_udp_replies( + tunnel_id, src_addr, quic_recv, socket, sessions, + ).await { + warn!(tunnel_id, %src_addr, "UDP reply handler error: {e:#}"); + } + }); + } + Err(e) => { + warn!(tunnel_id, "failed to open QUIC stream: {e}"); + } + } + } + } + } + } + Ok(()) +} + +async fn handle_udp_replies( + tunnel_id: TunnelId, + src_addr: SocketAddr, + mut quic_recv: quinn::RecvStream, + socket: Arc, + sessions: Arc>>, +) -> Result<()> { + loop { + let data = match read_udp_frame(&mut quic_recv).await { + Ok(d) => d, + Err(_) => break, + }; + socket.send_to(&data, src_addr).await?; + } + + // Clean up session + sessions.lock().await.remove(&src_addr); + info!(tunnel_id, %src_addr, "UDP session ended"); + Ok(()) +} diff --git a/src/server/firewall.rs b/src/server/firewall.rs new file mode 100644 index 0000000..9a969fb --- /dev/null +++ b/src/server/firewall.rs @@ -0,0 +1,93 @@ +use std::process::Command; +use std::sync::atomic::{AtomicBool, Ordering}; + +use color_eyre::Result; +use tracing::{info, warn}; + +static CHAIN_CREATED: AtomicBool = AtomicBool::new(false); + +const CHAIN: &str = "BORE"; + +fn iptables(args: &[&str]) -> Result<()> { + let output = Command::new("iptables").args(args).output()?; + if !output.status.success() { + let stderr = String::from_utf8_lossy(&output.stderr); + return Err(color_eyre::eyre::eyre!( + "iptables {} failed: {}", + args.join(" "), + stderr.trim() + )); + } + Ok(()) +} + +fn chain_exists() -> bool { + Command::new("iptables") + .args(["-n", "-L", CHAIN]) + .output() + .is_ok_and(|o| o.status.success()) +} + +/// Create the BORE chain and jump rule. Flushes any stale rules from a previous run. +pub fn init() -> Result<()> { + if chain_exists() { + iptables(&["-F", CHAIN])?; + info!("flushed stale iptables chain {CHAIN}"); + } else { + iptables(&["-N", CHAIN])?; + info!("created iptables chain {CHAIN}"); + } + + // Add jump from INPUT to BORE if not already present + let check = Command::new("iptables") + .args(["-C", "INPUT", "-j", CHAIN]) + .output()?; + if !check.status.success() { + iptables(&["-I", "INPUT", "-j", CHAIN])?; + info!("added INPUT -> {CHAIN} jump rule"); + } + + CHAIN_CREATED.store(true, Ordering::Relaxed); + Ok(()) +} + +/// Allow inbound traffic on a TCP or UDP port. +pub fn allow_port(port: u16, proto: &str) { + if !CHAIN_CREATED.load(Ordering::Relaxed) { + return; + } + let port_str = port.to_string(); + if let Err(e) = iptables(&["-A", CHAIN, "-p", proto, "--dport", &port_str, "-j", "ACCEPT"]) { + warn!("failed to add firewall rule for {proto}/{port}: {e}"); + } else { + info!("firewall: opened {proto}/{port}"); + } +} + +/// Remove the allow rule for a TCP or UDP port. +pub fn deny_port(port: u16, proto: &str) { + if !CHAIN_CREATED.load(Ordering::Relaxed) { + return; + } + let port_str = port.to_string(); + if let Err(e) = iptables(&["-D", CHAIN, "-p", proto, "--dport", &port_str, "-j", "ACCEPT"]) { + warn!("failed to remove firewall rule for {proto}/{port}: {e}"); + } else { + info!("firewall: closed {proto}/{port}"); + } +} + +/// Flush the BORE chain and remove the jump rule. Call on shutdown. +pub fn cleanup() { + if !CHAIN_CREATED.load(Ordering::Relaxed) { + return; + } + // Remove jump rule + let _ = iptables(&["-D", "INPUT", "-j", CHAIN]); + // Flush chain + let _ = iptables(&["-F", CHAIN]); + // Delete chain + let _ = iptables(&["-X", CHAIN]); + info!("firewall: cleaned up {CHAIN} chain"); + CHAIN_CREATED.store(false, Ordering::Relaxed); +} diff --git a/src/server/mod.rs b/src/server/mod.rs new file mode 100644 index 0000000..647e4e7 --- /dev/null +++ b/src/server/mod.rs @@ -0,0 +1,120 @@ +pub mod endpoints; +pub mod firewall; +pub mod quic_listener; +pub mod state; +pub mod traefik; + +use endpoints::http; +use std::net::SocketAddr; +use std::path::PathBuf; +use std::sync::Arc; + +use clap::Parser; +use color_eyre::Result; +use tokio_util::sync::CancellationToken; + +use crate::quic; +use state::ServerState; + +#[derive(Parser, Debug)] +pub struct ServerArgs { + /// Address for the QUIC listener + #[arg(long, default_value = "0.0.0.0:4843", env = "BORE_LISTEN_ADDR")] + pub listen_addr: SocketAddr, + + /// Address for the HTTP tunnel proxy + #[arg(long, default_value = "0.0.0.0:8080", env = "BORE_HTTP_ADDR")] + pub http_addr: SocketAddr, + + /// Address for the Traefik provider API + #[arg(long, default_value = "127.0.0.1:3100", env = "BORE_API_ADDR")] + pub api_addr: SocketAddr, + + /// Base domain for HTTP tunnel subdomains (e.g. bore.example.com) + #[arg(long, env = "BORE_BASE_DOMAIN")] + pub base_domain: String, + + /// Shared secret for client authentication + #[arg(long, env = "BORE_SECRET")] + pub secret: String, + + /// Traefik entrypoint name for HTTP tunnel routers + #[arg(long, default_value = "websecure", env = "BORE_TRAEFIK_ENTRYPOINT")] + pub traefik_entrypoint: String, + + /// Traefik TLS cert resolver name (e.g. "letsencrypt"). Omit to disable TLS in generated config. + #[arg(long, env = "BORE_TRAEFIK_CERT_RESOLVER")] + pub traefik_cert_resolver: Option, + + /// Manage iptables rules for tunnel ports (requires root/CAP_NET_ADMIN) + #[arg(long, default_value_t = false, env = "BORE_MANAGE_FIREWALL")] + pub manage_firewall: bool, + + /// Directory for persistent data (TLS cert/key) + #[arg(long, default_value = "./bore-data", env = "BORE_DATA_DIR")] + pub data_dir: PathBuf, +} + +pub async fn run(args: ServerArgs) -> Result<()> { + let cancel = CancellationToken::new(); + + if args.manage_firewall { + firewall::init()?; + } + + let state = Arc::new(ServerState::new( + args.secret.clone(), + args.base_domain.clone(), + args.http_addr, + args.traefik_entrypoint.clone(), + args.traefik_cert_resolver.clone(), + args.manage_firewall, + )); + + let (certs, key) = quic::load_or_generate_cert(&args.data_dir)?; + tracing::info!( + "server cert fingerprint: {}", + quic::cert_fingerprint(certs[0].as_ref()) + ); + let endpoint = quic::make_server_endpoint(args.listen_addr, certs, key)?; + + let quic_handle = { + let state = state.clone(); + let cancel = cancel.clone(); + tokio::spawn(async move { quic_listener::run(endpoint, state, cancel).await }) + }; + + let http_handle = { + let state = state.clone(); + let cancel = cancel.clone(); + tokio::spawn(async move { http::run(args.http_addr, state, cancel).await }) + }; + + let api_handle = { + let state = state.clone(); + let cancel = cancel.clone(); + tokio::spawn(async move { traefik::run(args.api_addr, state, cancel).await }) + }; + + tokio::select! { + res = quic_handle => { + tracing::error!("QUIC listener exited: {res:?}"); + } + res = http_handle => { + tracing::error!("HTTP server exited: {res:?}"); + } + res = api_handle => { + tracing::error!("Traefik API exited: {res:?}"); + } + _ = tokio::signal::ctrl_c() => { + tracing::info!("shutting down"); + cancel.cancel(); + } + } + + if args.manage_firewall { + firewall::cleanup(); + } + + Ok(()) +} diff --git a/src/server/quic_listener.rs b/src/server/quic_listener.rs new file mode 100644 index 0000000..f67261c --- /dev/null +++ b/src/server/quic_listener.rs @@ -0,0 +1,211 @@ +use std::sync::Arc; + +use color_eyre::Result; +use quinn::Endpoint; +use tokio_util::sync::CancellationToken; +use tracing::{info, warn}; + +use crate::protocol::{ + ClientMessage, ServerMessage, TunnelProtocol, read_client_message, write_server_message, +}; +use crate::server::endpoints::{tcp, udp}; +use crate::tunnel::TunnelInfo; + +use super::state::ServerState; + +pub async fn run( + endpoint: Endpoint, + state: Arc, + cancel: CancellationToken, +) -> Result<()> { + loop { + tokio::select! { + _ = cancel.cancelled() => break, + incoming = endpoint.accept() => { + let Some(incoming) = incoming else { break }; + let state = state.clone(); + let cancel = cancel.child_token(); + tokio::spawn(async move { + if let Err(e) = handle_connection(incoming, state, cancel).await { + warn!("connection error: {e:#}"); + } + }); + } + } + } + Ok(()) +} + +async fn handle_connection( + incoming: quinn::Incoming, + state: Arc, + cancel: CancellationToken, +) -> Result<()> { + let connection = incoming.await?; + let remote = connection.remote_address(); + info!(%remote, "new QUIC connection"); + + let connection_id = state.next_connection_id(); + + // Spawn watcher to clean up when connection closes + { + let state = state.clone(); + let conn = connection.clone(); + tokio::spawn(async move { + conn.closed().await; + info!(%remote, "connection closed, cleaning up"); + state.remove_connection(connection_id); + }); + } + + // Accept the control stream (first bidirectional stream) + let (mut send, mut recv) = connection.accept_bi().await?; + + // Authenticate + let msg = read_client_message(&mut recv).await?; + match msg { + ClientMessage::Auth { secret } => { + if secret != state.secret { + write_server_message( + &mut send, + &ServerMessage::Error { + message: "invalid secret".to_string(), + }, + ) + .await?; + return Ok(()); + } + write_server_message(&mut send, &ServerMessage::AuthOk).await?; + info!(%remote, "authenticated"); + } + _ => { + write_server_message( + &mut send, + &ServerMessage::Error { + message: "expected Auth message".to_string(), + }, + ) + .await?; + return Ok(()); + } + } + + // Process tunnel requests + loop { + tokio::select! { + _ = cancel.cancelled() => break, + msg = read_client_message(&mut recv) => { + let msg = match msg { + Ok(m) => m, + Err(e) => { + info!(%remote, "control stream closed: {e:#}"); + break; + } + }; + + match msg { + ClientMessage::RequestTunnel { protocol, local_port, remote_port, subdomain } => { + let tunnel_id = state.next_tunnel_id(); + let tunnel_cancel = cancel.child_token(); + + match protocol { + TunnelProtocol::Tcp => { + let port = remote_port.unwrap_or(0); + match tcp::bind_and_relay( + tunnel_id, + port, + connection.clone(), + tunnel_cancel, + ).await { + Ok(assigned_port) => { + let info = TunnelInfo { + id: tunnel_id, + protocol, + target: format!("client:{local_port}"), + remote_port: Some(assigned_port), + subdomain: None, + }; + state.register_tunnel(connection_id, info, connection.clone()); + write_server_message(&mut send, &ServerMessage::TunnelCreated { + tunnel_id, + protocol, + assigned_port: Some(assigned_port), + assigned_subdomain: None, + }).await?; + tracing::info!(tunnel_id, assigned_port, "TCP tunnel created"); + } + Err(e) => { + write_server_message(&mut send, &ServerMessage::Error { + message: format!("failed to bind TCP: {e}"), + }).await?; + } + } + } + TunnelProtocol::Udp => { + let port = remote_port.unwrap_or(0); + match udp::bind_and_relay( + tunnel_id, + port, + connection.clone(), + tunnel_cancel, + ).await { + Ok(assigned_port) => { + let info = TunnelInfo { + id: tunnel_id, + protocol, + target: format!("client:{local_port}"), + remote_port: Some(assigned_port), + subdomain: None, + }; + state.register_tunnel(connection_id, info, connection.clone()); + write_server_message(&mut send, &ServerMessage::TunnelCreated { + tunnel_id, + protocol, + assigned_port: Some(assigned_port), + assigned_subdomain: None, + }).await?; + tracing::info!(tunnel_id, assigned_port, "UDP tunnel created"); + } + Err(e) => { + write_server_message(&mut send, &ServerMessage::Error { + message: format!("failed to bind UDP: {e}"), + }).await?; + } + } + } + TunnelProtocol::Http => { + let subdomain = subdomain.unwrap_or_else(|| { + uuid::Uuid::new_v4().to_string()[..8].to_string() + }); + let fqdn = format!("{}.{}", subdomain, state.base_domain); + let info = TunnelInfo { + id: tunnel_id, + protocol, + target: format!("client:{local_port}"), + remote_port: None, + subdomain: Some(subdomain.clone()), + }; + state.register_tunnel(connection_id, info, connection.clone()); + let url = format!("http://{fqdn}"); + write_server_message(&mut send, &ServerMessage::TunnelCreated { + tunnel_id, + protocol, + assigned_port: None, + assigned_subdomain: Some(url), + }).await?; + tracing::info!(tunnel_id, %fqdn, "HTTP tunnel created"); + } + } + } + _ => { + write_server_message(&mut send, &ServerMessage::Error { + message: "unexpected message on control stream".to_string(), + }).await?; + } + } + } + } + } + + Ok(()) +} diff --git a/src/server/state.rs b/src/server/state.rs new file mode 100644 index 0000000..972fbc6 --- /dev/null +++ b/src/server/state.rs @@ -0,0 +1,126 @@ +use std::net::SocketAddr; +use std::sync::atomic::{AtomicU64, Ordering}; + +use dashmap::DashMap; +use quinn::Connection; + +use crate::protocol::TunnelProtocol; +use crate::tunnel::{TunnelId, TunnelInfo}; +use super::firewall; + +/// A registered tunnel on the server. +pub struct TunnelEntry { + pub info: TunnelInfo, + /// The QUIC connection to the client that owns this tunnel. + pub connection: Connection, +} + +/// Shared server state. +pub struct ServerState { + pub secret: String, + pub base_domain: String, + pub http_addr: SocketAddr, + pub traefik_entrypoint: String, + pub traefik_cert_resolver: Option, + pub manage_firewall: bool, + /// tunnel_id -> TunnelEntry + pub tunnels: DashMap, + /// subdomain -> tunnel_id (for HTTP routing) + pub http_routes: DashMap, + /// connection_id -> list of tunnel_ids (for cleanup) + pub connection_tunnels: DashMap>, + next_tunnel_id: AtomicU64, + next_connection_id: AtomicU64, +} + +impl ServerState { + pub fn new( + secret: String, + base_domain: String, + http_addr: SocketAddr, + traefik_entrypoint: String, + traefik_cert_resolver: Option, + manage_firewall: bool, + ) -> Self { + Self { + secret, + base_domain, + http_addr, + traefik_entrypoint, + traefik_cert_resolver, + manage_firewall, + tunnels: DashMap::new(), + http_routes: DashMap::new(), + connection_tunnels: DashMap::new(), + next_tunnel_id: AtomicU64::new(1), + next_connection_id: AtomicU64::new(1), + } + } + + pub fn next_tunnel_id(&self) -> TunnelId { + self.next_tunnel_id.fetch_add(1, Ordering::Relaxed) + } + + pub fn next_connection_id(&self) -> usize { + self.next_connection_id.fetch_add(1, Ordering::Relaxed) as usize + } + + pub fn register_tunnel(&self, connection_id: usize, info: TunnelInfo, connection: Connection) { + let tunnel_id = info.id; + + if info.protocol == TunnelProtocol::Http + && let Some(ref subdomain) = info.subdomain + { + self.http_routes.insert(subdomain.clone(), tunnel_id); + } + + if self.manage_firewall { + if let Some(port) = info.remote_port { + let proto = match info.protocol { + TunnelProtocol::Tcp => "tcp", + TunnelProtocol::Udp => "udp", + TunnelProtocol::Http => "", + }; + if !proto.is_empty() { + firewall::allow_port(port, proto); + } + } + } + + self.tunnels + .insert(tunnel_id, TunnelEntry { info, connection }); + self.connection_tunnels + .entry(connection_id) + .or_default() + .push(tunnel_id); + } + + pub fn remove_connection(&self, connection_id: usize) { + if let Some((_, tunnel_ids)) = self.connection_tunnels.remove(&connection_id) { + for tid in tunnel_ids { + if let Some((_, entry)) = self.tunnels.remove(&tid) { + if entry.info.protocol == TunnelProtocol::Http + && let Some(ref subdomain) = entry.info.subdomain + { + self.http_routes.remove(subdomain); + } + + if self.manage_firewall { + if let Some(port) = entry.info.remote_port { + let proto = match entry.info.protocol { + TunnelProtocol::Tcp => "tcp", + TunnelProtocol::Udp => "udp", + TunnelProtocol::Http => "", + }; + if !proto.is_empty() { + firewall::deny_port(port, proto); + } + } + } + + tracing::info!(tunnel_id = tid, "removed tunnel"); + } + } + } + } +} diff --git a/src/server/traefik.rs b/src/server/traefik.rs new file mode 100644 index 0000000..c56d699 --- /dev/null +++ b/src/server/traefik.rs @@ -0,0 +1,113 @@ +use std::net::SocketAddr; +use std::sync::Arc; + +use axum::extract::State; +use axum::{Json, Router}; +use color_eyre::Result; +use serde::Serialize; +use std::collections::HashMap; +use tokio_util::sync::CancellationToken; +use tracing::info; + +use super::state::ServerState; + +#[derive(Serialize)] +pub struct TraefikConfig { + http: TraefikHttp, +} + +#[derive(Serialize)] +pub struct TraefikHttp { + routers: HashMap, + services: HashMap, +} + +#[derive(Serialize)] +#[serde(rename_all = "camelCase")] +pub struct TraefikRouter { + rule: String, + service: String, + entry_points: Vec, + #[serde(skip_serializing_if = "Option::is_none")] + tls: Option, +} + +#[derive(Serialize)] +#[serde(rename_all = "camelCase")] +pub struct TraefikTls { + cert_resolver: String, +} + +#[derive(Serialize)] +#[serde(rename_all = "camelCase")] +pub struct TraefikService { + load_balancer: TraefikLoadBalancer, +} + +#[derive(Serialize)] +pub struct TraefikLoadBalancer { + servers: Vec, +} + +#[derive(Serialize)] +pub struct TraefikServer { + url: String, +} + +pub async fn run( + addr: SocketAddr, + state: Arc, + cancel: CancellationToken, +) -> Result<()> { + let app = Router::new() + .route("/api/traefik", axum::routing::get(handler)) + .with_state(state); + + let listener = tokio::net::TcpListener::bind(addr).await?; + info!(%addr, "Traefik API listening"); + + axum::serve(listener, app) + .with_graceful_shutdown(async move { cancel.cancelled().await }) + .await?; + Ok(()) +} + +async fn handler(State(state): State>) -> Json { + let mut routers = HashMap::new(); + let mut services = HashMap::new(); + + let bore_url = format!("http://{}", state.http_addr); + + for entry in state.http_routes.iter() { + let subdomain = entry.key(); + let name = format!("bore-{subdomain}"); + let fqdn = format!("{subdomain}.{}", state.base_domain); + + routers.insert( + name.clone(), + TraefikRouter { + rule: format!("Host(`{fqdn}`)"), + service: name.clone(), + entry_points: vec![state.traefik_entrypoint.clone()], + tls: state.traefik_cert_resolver.as_ref().map(|r| TraefikTls { + cert_resolver: r.clone(), + }), + }, + ); + + services.insert( + name, + TraefikService { + load_balancer: TraefikLoadBalancer { + servers: vec![TraefikServer { + url: bore_url.clone(), + }], + }, + }, + ); + } + + Json(TraefikConfig { + http: TraefikHttp { routers, services }, + }) +} diff --git a/src/tunnel.rs b/src/tunnel.rs new file mode 100644 index 0000000..12f74c2 --- /dev/null +++ b/src/tunnel.rs @@ -0,0 +1,14 @@ +use crate::protocol::TunnelProtocol; + +pub type TunnelId = u64; + +/// Metadata about an active tunnel. +#[derive(Debug, Clone)] +pub struct TunnelInfo { + pub id: TunnelId, + pub protocol: TunnelProtocol, + /// Target address to connect to (e.g. "127.0.0.1:8080" or "10.0.4.2:3000") + pub target: String, + pub remote_port: Option, + pub subdomain: Option, +}